Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/04/02 9:32 p.m.6 views

Duplicate Advisory: OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3x4-hc5v-v2gm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment...

7.6CVSS5.9AI score0.0026EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/04/01 4:23 p.m.7 views

CVE-2026-34510

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

6.9CVSS0.00319EPSS
Exploits0References5
CVE
CVE
added 2026/04/01 3:29 p.m.14 views

CVE-2026-34510

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets treated as local content, bypassing access restrictio...

6.9CVSS5.9AI score0.00319EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 3:29 p.m.3 views

CVE-2026-34510 OpenClaw < 2026.3.22 - Remote File URL Acceptance in Windows Media Loaders

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

6.9CVSS5.9AI score0.00319EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.9 views

PT-2026-29545

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

6.9CVSS5.9AI score0.00319EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/26 7:7 p.m.5 views

OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation

Summary Windows local-media handling accepted remote-host file URLs and UNC-style paths before local-path validation, so network-hosted file targets could be treated as local content. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

7.6CVSS5.8AI score0.0026EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder