3997 matches found
PT-2026-37022
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.10. Description: A path traversal issue exists in the screen record tool where the outPath parameter bypasses workspace-only filesystem guards. This allows an authorized tool call to write files to unintended...
[SECURITY] Fedora 44 Update: plasma-workspace-6.6.4-1.fc44
Plasma 6 libraries and runtime components...
[SECURITY] Fedora 44 Update: plasma-workspace-wallpapers-6.6.4-1.fc44
Additional wallpapers for Plasma workspace...
[SECURITY] Fedora 44 Update: kwin-x11-6.6.4-1.fc44
Alternative version of the KDE Window Manager KWin using the legacy X11 window system instead of the default Wayland. This version of KWin is required by plasma-workspace-x11, which provides the "Plasma X11" session type. This version is maintained by individual Fedora packagers and NOT supporte...
CVE-2026-40259
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...
GHSA-VR7G-88FQ-VHQ3 Paperclip: OS Command Injection via Execution Workspace cleanupCommand
| Field | Value |
|-------|-------|
| Affected Software | Paperclip AI v2026.403.0 |
| Affected Component | Execution Workspace lifecycle workspace-runtime.ts |
| Affected Endpoint | PATCH /api/execution-workspaces/:id |
| Deployment Modes | All — localtrusted zero auth, authenticated any company...
Paperclip: OS Command Injection via Execution Workspace cleanupCommand
| Field | Value |
|-------|-------|
| Affected Software | Paperclip AI v2026.403.0 |
| Affected Component | Execution Workspace lifecycle workspace-runtime.ts |
| Affected Endpoint | PATCH /api/execution-workspaces/:id |
| Deployment Modes | All — localtrusted zero auth, authenticated any company...
Paperclip: Malicious skills able to exfiltrate and destroy all user data
Summary: An arbitrary code execution vulnerability in the workspace runtime service allows any agent to execute shell commands on the server, exposing all environment variables including API keys, JWT secrets, and database credentials. Details: A malicious skill can instruct the agent to exploit th...
GHSA-W8HX-HQJV-VJCQ Paperclip: Malicious skills able to exfiltrate and destroy all user data
Summary: An arbitrary code execution vulnerability in the workspace runtime service allows any agent to execute shell commands on the server, exposing all environment variables including API keys, JWT secrets, and database credentials. Details: A malicious skill can instruct the agent to exploit th...
GHSA-265W-RF2W-CJH4 Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution
Summary: Paperclip contains a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host. An attacker with an agent credential can escalate privileges from the agent runtime to the Paperclip server host. The...
Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution
Summary: Paperclip contains a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host. An attacker with an agent credential can escalate privileges from the agent runtime to the Paperclip server host. The...
OpenClaw: TOCTOU read in exec script preflight
Summary: OpenClaw's exec script preflight validator previously validated and then read a script by mutable pathname. A local race could swap the path between validation and read, causing preflight analysis to inspect a different file identity than the one that passed the workspace boundary check...
CVE-2026-39425
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in tags...
CVE-2026-40152
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...
CVE-2026-39425 MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in tags...
CVE-2026-39425
CVE-2026-39425 affects MaxKB (enterprise AI assistant). Versions 2.7.1 and earlier allow Stored XSS via unsanitized tags in the Application prologue, stored through /admin/api/workspace/{workspace_id}/application and rendered by the frontend via innerHTML, enabling persistent XSS and potential s...
CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...
EUVD-2026-22180
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...
CVE-2026-39421
CVE-2026-39421 affects MaxKB (versions 2.7.1 and earlier). The sandbox escape occurs in ToolExecutor via Python ctypes calling raw syscalls to bypass LD_PRELOAD sandbox.so, enabling arbitrary code execution through direct kernel syscalls and potential full container/network compromise. The librar...