A vulnerability, which was classified as critical , was found in haojing8312 WorkClaw up to 0.6.4 . This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler . Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2026-9565 . The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not respo