Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/03/26 9:49 p.m.13 views

OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)

Summary The patch for CVE-2026-32013 introduced symlink resolution and workspace boundary enforcement for agents.files.get and agents.files.set. However, two other handlers in the same file agents.create and agents.update still use raw fs.appendFile on the IDENTITY.md file without any symlink...

8.8CVSS6.5AI score0.00639EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2026/03/26 9:49 p.m.4 views

GHSA-7XR2-Q9VF-X4R5 OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)

Summary The patch for CVE-2026-32013 introduced symlink resolution and workspace boundary enforcement for agents.files.get and agents.files.set. However, two other handlers in the same file agents.create and agents.update still use raw fs.appendFile on the IDENTITY.md file without any symlink...

7.1CVSS6.4AI score0.00324EPSS
Exploits1References8
Circl
Circl
added 2026/03/19 11:0 p.m.3 views

CVE-2026-32013

creationtimestamp| type| source ---|---|--- 2026-03-19 23:00:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhh474zuly2s 2026-03-29 02:00:05+00:00| seen| https://t.me/GithubRedTeam/77718 2026-03-29 09:00:04+00:00| published-proof-of-concept|...

8.8CVSS4.9AI score0.00639EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/03/02 10:40 p.m.14 views

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32013 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32013 Source advisory: OSV:GHSA-FGVX-58P6-GJWC...

8.8CVSS5.8AI score0.00639EPSS
Exploits0
Rows per page
Query Builder