4 matches found
CVE-2026-29611
OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...
CVE-2026-29611
creationtimestamp| type| source ---|---|--- 2026-03-06 02:19:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgearkm5r52y 2026-03-07 12:02:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mghrrylhy425...
CVE-2026-29611 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling
OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-29611 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-29611 Source advisory: OSV:GHSA-RWJ8-P9VQ-25GV...