303 matches found
CVE-2026-35668
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...
EUVD-2026-21482
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...
CVE-2026-35668
OpenClaw contains a path traversal vulnerability in its sandbox enforcement prior to version 2026.3.24. The flaw allows sandboxed agents to read arbitrary files from other agents’ workspaces through unnormalized mediaUrl and fileUrl parameter keys, due to incomplete parameter validation in normal...
CVE-2026-35668 OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...
CVE-2026-35668
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the mediaUrl and fileUrl parameters, which bypass validation of localRoots. An attacker can access arbitrary files on the local filesystem by supplying crafted...
CVE-2026-33581 OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters
OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidate...
OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)
Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Sandbox Media Root Bypass via Unnormalized mediaUrl / fileUrl Parameter Keys CWE-22 Description: Summary A path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary...
GHSA-HR5V-J9H9-XJHG OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)
Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Sandbox Media Root Bypass via Unnormalized mediaUrl / fileUrl Parameter Keys CWE-22 Description: Summary A path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary...
Server-side Request Forgery (SSRF)
Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the convertmessagecreatetomessage function in the File URL Handler component when processing the ImageContent argument. An attacker...
CVE-2026-4964
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
CVE-2026-32938
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET...
SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service
Summary In SiYuan, /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/path, which only requires authentication, a publish-service...
easegen-admin 路径遍历漏洞
easegen-admin is a digital human course creation platform developed by taoofagi. Easegen-admin has a path traversal vulnerability, which stems from incorrect handling of the parameter fileUrl in the file...
CVE-2026-2945
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has bee...
JeecgBoot 代码问题漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.0 of JeecgBoot contains a code vulnerability that stems from incorrect handling of the parameter fileUrl in the file /sys/common/uploadImgByHttp. This vulnerability could le...
CVE-2025-9208
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
CVE-2025-9208
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
CVE-2025-9208 Stored-XSS vulnerability discovered in OpenText WSM Management Server.
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
PT-2026-20947
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...