4 matches found
OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Summary The patch for CVE-2026-32013 introduced symlink resolution and workspace boundary enforcement for agents.files.get and agents.files.set. However, two other handlers in the same file agents.create and agents.update still use raw fs.appendFile on the IDENTITY.md file without any symlink...
GHSA-7XR2-Q9VF-X4R5 OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Summary The patch for CVE-2026-32013 introduced symlink resolution and workspace boundary enforcement for agents.files.get and agents.files.set. However, two other handlers in the same file agents.create and agents.update still use raw fs.appendFile on the IDENTITY.md file without any symlink...
CVE-2026-32013
creationtimestamp| type| source ---|---|--- 2026-03-19 23:00:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhh474zuly2s 2026-03-29 02:00:05+00:00| seen| https://t.me/GithubRedTeam/77718 2026-03-29 09:00:04+00:00| published-proof-of-concept|...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32013 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32013 Source advisory: OSV:GHSA-FGVX-58P6-GJWC...