
4 matches found

RedhatCVE
added 2026/03/27 5:9 p.m., 5 views

CVE-2026-32846

OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...

8.7 CVSS, 6 AI score, 0.00688 EPSS
Exploits: 1, References: 1
vulnersOsv
added 2026/03/26 6:35 p.m., 13 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-32846 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 Source cves: CVE-2026-32846 Source advisory: SNYK:JS-OPENCLAW-15789429...

8.7 CVSS, 5.4 AI score, 0.00688 EPSS
Exploits: 1
CVE
added 2026/03/26 4:36 p.m., 24 views

CVE-2026-32846

OpenClaw prior to 2026.3.23 contains a path traversal vulnerability in media parsing that can read arbitrary files by bypassing path validation in isLikelyLocalPath() and isValidMedia(), with the allowBareFilename bypass enabling access to files outside the application sandbox. Impact includes di...

8.7 CVSS, 5.9 AI score, 0.00688 EPSS
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2026/03/26 4:36 p.m., 1 views

CVE-2026-32846 OpenClaw < 2026.3.28 Media Parsing Path Traversal to Arbitrary File Read

OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...

8.7 CVSS, 5.9 AI score, 0.00688 EPSS
Exploits: 1, References: 4