CVE-2026-15193

Source
https://cve.org/CVERecord?id=CVE-2026-15193
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15193.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-15193
Published
2026-07-09T16:45:08.144Z
Modified
2026-07-15T01:49:02.293158926Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection
Details

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Database specific
{
    "cna_assigner": "VulDB",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "0.1"
                },
                {
                    "last_affected": "0.1"
                },
                {
                    "introduced": "0.2"
                },
                {
                    "last_affected": "0.2"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-77",
        "CWE-78"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/15xxx/CVE-2026-15193.json"
}
References

Affected packages

Git / github.com/aidanpark/openclaw-android

Affected ranges

Type
GIT
Repo
https://github.com/aidanpark/openclaw-android
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.3"
        },
        {
            "last_affected": "0.3"
        },
        {
            "introduced": "0.4.0"
        },
        {
            "last_affected": "0.4.0"
        }
    ]
}

Affected versions

0.*
0.3
0.4.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15193.json"