Unsafe Dependency Resolution
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the OpenShell mirror mode that converts untrusted sandbox files into workspace hooks. An attacker can execute arbitrary code on the host system by providi...
EUVD-2026-25339
OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...
GHSA-M563-373Q-885C Duplicate Advisory: OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-42mx-vp8m-j7qh. This link is maintained to preserve external references. Original Description: OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted...
CVE-2026-41355
OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...
CVE-2026-41355
OpenShell is affected by CVE-2026-41355 (pre-2026.3.28) where a vulnerability in mirror mode allows conversion of untrusted sandbox files into workspace hooks, enabling arbitrary code execution on the host at gateway startup when mirror-mode access is present. The issue stems from how workspace h...
CVE-2026-41355 OpenClaw < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion
OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...
CVE-2026-41355
OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...
OpenClaw security vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contain a security vulnerability that stems from an arbitrary code execution vulnerability in mirror mode. By converting untrusted sandbox files int...
GHSA-42MX-VP8M-J7QH OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Summary: OpenShell mirror mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup. Current Maintainer Triage: - Status: narrow - Normalized severity: medium - Assessment: Real on shipped = 2026.3.28 - First stable tag...
PT-2026-34786
Name of the Vulnerable Software and Affected Versions: OpenShell versions prior to 2026.3.28 Description: An arbitrary code execution issue exists in mirror mode, which allows untrusted sandbox files to be converted into workspace hooks. Attackers with mirror mode access can execute arbitrary code ...
Directory Traversal
Overview: @anthropic-ai/sdk is the official TypeScript library for the Anthropic API. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths in the memory tool. An attacker can access or modify files outside the intended sandboxed...
EUVD-2025-206273
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container...
PT-2025-54487
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Tahoe 26.2 Description: A permissions issue existed where an application could potentially access protected files within an App Sandbox container. This issue was addressed with additional restrictions. Recommendations...
EUVD-2023-43125
Malicious code in bioql PyPI...
EUVD-2023-43127
Malicious code in bioql PyPI...
EUVD-2023-43123
Malicious code in bioql PyPI...
EUVD-2023-43126
Malicious code in bioql PyPI...
EUVD-2023-43124
Malicious code in bioql PyPI...
Sandboxie path traversal vulnerability
Sandboxie is open-source sandbox-based isolation software from sandboxie-plus. Sandboxie suffers from a path traversal vulnerability that originates from an authenticated and unprivileged user having the right to read all files in the sandbox folder C:\Sandbox\UserB\xxx that belong to other users created...
PT-2024-26012 · Samsung · Samsung Health
Name of the Vulnerable Software and Affected Versions: Samsung Health versions prior to 6.27.0.113 Description: The issue is related to improper input validation, allowing local attackers to write arbitrary document files to the sandbox of Samsung Health. This requires user interaction to trigger...