Vulnerability  ·  2026-07-19

SafestClaw Shell Action Incomplete Blacklist Enables Command Bypass

VulnerabilityMedium impactGlobalCVE-2026-16129
NVD published a medium-severity (CVSS 5.3) incomplete-blacklist vulnerability in SafestClaw's shell command validation logic used to guard AI-agent-initiated shell actions.
SafestClaw's name implies it is meant to safely constrain agent shell access; an incomplete blacklist in its core validation function undermines the tool's core safety guarantee for any AI agent using it to execute shell commands.
The ShellAction._validate_command function in src/safestclaw/actions/shell.py, part of the Built-in Web Interface component, relies on an incomplete blacklist to restrict shell commands, allowing an attacker with local/adjacent access to craft commands that evade the filter.
princezuda SafestClaw up to 4.2.4
No official patch confirmed at disclosure time; replace blacklist-based command filtering with an allowlist approach.
SafestClaw GitHub repository
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →