3 matches found
CVE-2026-32024
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32024 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32024 Source advisory: OSV:GHSA-RX3G-MVC3-QFJF...