4154 matches found
EUVD-2026-13296
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
CVE-2026-32013 OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...
CVE-2026-32013
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...
CVE-2026-32007 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
CVE-2026-32007
OpenClaw up to version 2026.2.23 is affected by a path traversal vulnerability in the experimental apply_patch tool. The issue arises from inconsistent enforcement of workspace-only checks on mounted paths, allowing sandbox-embedded attackers to use apply_patch operations on writable mounts outsi...
CVE-2026-32007 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
EUVD-2026-13265
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
CVE-2026-32007
OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...
CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...
CVE-2026-32002 OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass
OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...
CVE-2026-32002
OpenClaw is affected in versions prior to 2026.2.23. The sandboxed image tool fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing reading of out-of-workspace files. Attackers can load restricted mounted images and exfiltrate them via vision model provider reque...
CVE-2026-32002 OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass
OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...
CVE-2026-32002
OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...
EUVD-2026-13255
OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...
CVE-2026-32747
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...
CVE-2026-32750
CVE-2026-32750 (SiYuan) affects SiYuan versions 3.6.0 and earlier. The vulnerability occurs in POST /api/import/importStdMd, where the localPath parameter is passed directly to model.ImportFromLocalPath without path validation. The function recursively reads every file under the provided path and...
CVE-2026-32750 SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...
CVE-2026-32747 SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...
CVE-2026-32747 SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...