CVE-2026-55249 – @rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String

CVE ID: CVE-2026-55249

Published: June 23, 2026, 6:33 p.m.

Description: @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync() template string without shell-safe escaping. JSON.stringify() wraps the value in double quotes and escapes inner double quotes and backslashes, but leaves $() and backtick shell metacharacters untouched. Because execSync delegates execution to /bin/sh -c, the shell expands $(...) substitutions even inside double-quoted strings, causing the injected subcommand to execute before rtk is invoked. An attacker who can influence the exec tool's command parameter (e.g., via an LLM agent prompt or gateway/tool-call input) achieves arbitrary OS command execution with the privileges of the plugin/gateway process.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more.

Link: https://afaghhosting.net/blog/cve-2026-55249-rtk-ai-rtk-rewrite-openclaw-rewrite-plugin-command-injection-via-execsync-template-string/

Category: vulnerability