
13 matches found

EUVD
added 2026/05/06 6:30 p.m., 5 views

EUVD-2026-27873

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creati...

CVSS 9.3 | AI score 5.9 | EPSS 0.00017
Exploits 0 | References 3
NVD
added 2026/05/06 5:16 p.m., 8 views

CVE-2026-7875

NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and...

CVSS 9.3 | EPSS 0.00017
Exploits 0 | References 3
CVE
added 2026/05/06 4:10 p.m., 5 views

CVE-2026-7875

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup. A compromised or prompt-injected container can read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or by creating sym...

CVSS 9.3 | AI score 5.9 | EPSS 0.00017
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2026/05/06 12:0 a.m., 6 views

PT-2026-37662

Name of the Vulnerable Software and Affected Versions: NanoClaw, affected versions not specified. Description: A host/container filesystem boundary issue exists in outbound attachment handling and outbox cleanup. A compromised or prompt-injected container can read files outside the intended outbox...

CVSS 9.3 | AI score 5.9 | EPSS 0.00017
Exploits 0 | References 7
Github Security Blog
added 2026/04/22 6:31 p.m., 3 views

uutils coreutils has a Link Following issue

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

CVSS 6.6 | AI score 5.2 | EPSS 0.00016
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2026/04/17 10:21 p.m., 4 views

OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR

Summary: A flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is running with elevated privileges. The injector trusted TMPDIR from the target process and used unsafe file creation...

CVSS 8.4 | AI score 5.9 | EPSS 0.00021
Exploits 1 | References 4 | Affected Software 1
NVD
added 2026/04/10 5:17 p.m., 0 views

CVE-2026-35658

OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...

CVSS 6.5 | EPSS 0.00043
Exploits 0 | References 6
CVE
added 2026/04/10 4:3 p.m., 5 views

CVE-2026-35658

OpenClaw CVE-2026-35658 affects the OpenClaw image tool prior to version 2026.3.2. The vulnerability is a filesystem boundary bypass that ignores tools.fs.workspaceOnly restrictions, allowing an attacker to traverse sandbox bridge mounts outside the workspace and read files that other filesystem ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2026/04/10 4:3 p.m., 25 views

CVE-2026-35658 OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool

OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...

CVSS 6.5 | EPSS 0.00043
Exploits 0 | References 6
Vulnrichment
added 2026/04/10 4:3 p.m., 2 views

CVE-2026-35658 OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool

OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...

CVSS 6.5 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 6
ATTACKERKB
added 2026/04/10 4:3 p.m., 2 views

CVE-2026-35658

OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...

CVSS 6.5 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 7
EUVD
added 2026/04/10 4:3 p.m., 1 views

EUVD-2026-21462

OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...

CVSS 6.5 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 6
Positive Technologies
added 2026/04/10 12:0 a.m., 3 views

PT-2026-31969

OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...

CVSS 6.5 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 7