CVE-2026-41389

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

PT-2025-54227

Name of the Vulnerable Software and Affected Versions inMusic Brands Engine DJ version 4.3.0 Description Engine DJ version 4.3.0 is affected by an issue with insecure permissions. An exposed HTTP service within the Remote Library feature allows attackers to access all files and network paths...

inMusic Engine DJ 安全漏洞

inMusic Engine DJ is a suite of professional DJ software from inMusic USA. A security vulnerability exists in inMusic Engine DJ version 4.3.0, which stems from an insecure privilege in the exposed HTTP service in the remote library that could lead to access to all files and network paths...