Lucene search
+L

70 matches found

EUVD
EUVD
added 2026/07/03 9:0 p.m.8 views

EUVD-2026-41610

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References8
OSV
OSV
added 2026/07/03 9:0 p.m.4 views

CVE-2026-14611 DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of resource

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 5:6 p.m.9 views

GHSA-6C4R-G249-WV3C OpenClaw: Sandboxed session spawn could expose the real workspace path to child prompts

Summary Sandboxed session spawn could expose the real workspace path to child prompts. In affected versions, a child session spawned from a sandboxed parent could forward the host workspace path into the child session prompt. This advisory is scoped to the named feature and configuration. It does...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:26 p.m.5 views

GO-2026-5079 Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution in github.com/openclaw/crabbox

Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution in github.com/openclaw/crabbox...

7.1CVSS5.8AI score0.00144EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57296

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

8.8CVSS6.3AI score0.00595EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 6:5 p.m.3 views

CVE-2026-53865 OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by...

7.2CVSS6.1AI score0.00119EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36614

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

4.3CVSS5.3AI score0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.16 views

CVE-2026-53826

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

4.3CVSS0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.9 views

CVE-2026-53826 OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

4.3CVSS5.3AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.39 views

CVE-2026-53826 OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

4.3CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.34 views

CVE-2026-53826

OpenClaw is affected by an information-disclosure vulnerability in sandboxed session spawning affecting versions prior to 2026.4.26. The issue allows a sandboxed parent to reveal the real workspace path to child prompts, potentially exposing host workspace location or related memory context to ch...

4.3CVSS5.4AI score0.00187EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53826 OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

2.3CVSS5.9AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.34 views

PT-2026-49030

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.26 Description An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related...

4.3CVSS5.2AI score0.00187EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.13 views

CVE-2026-7214

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS6.9AI score0.0041EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/23 5:35 a.m.8 views

Path Traversal

github.com/openclaw/crabbox is vulnerable to path traversal. The vulnerability is due to improper validation of workspace path resolution in the Islo provider, which allows an attacker to supply crafted absolute or relative paths through a malicious .crabbox.yaml or crabbox.yaml file to perform...

7.1CVSS6AI score0.00144EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.11 views

CVE-2026-45224

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...

7.1CVSS5.9AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 7:16 p.m.11 views

CVE-2026-45224

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...

7.1CVSS0.00144EPSS
Exploits0References4
NVD
NVD
added 2026/04/28 2:16 a.m.8 views

CVE-2026-7214

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS0.0041EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/28 1:45 a.m.4 views

CVE-2026-7214 eghuzefa engineer-your-data server.py file_inf path traversal

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS7.1AI score0.0041EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/28 1:45 a.m.36 views

CVE-2026-7214 eghuzefa engineer-your-data server.py file_inf path traversal

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS0.0041EPSS
Exploits0References4
Rows per page
Query Builder