3999 matches found
PT-2026-31969
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the image tools not adhering to the “tools.fs.workspaceOnly” restriction, which could allow attackers to...
PT-2026-33210
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.4 Description The '/api/av/removeUnusedAttributeView' endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. This allows an attacker to inject...
CVE-2026-40152
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...
CVE-2026-35632
OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files,...
CVE-2026-40152 PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...
CVE-2026-40152
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...
CVE-2026-40152
CVE-2026-40152 affects PraisonAIAgents: the list_files() tool in FileTools validates the directory against workspace boundaries but passes the glob pattern directly to Path.glob(), which can interpret .. path segments. This enables relative path traversal to enumerate arbitrary files outside the ...
CVE-2026-40152 PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...
CVE-2026-40117 PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...
CVE-2026-40117
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...
CVE-2026-40117 PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...
CVE-2026-40117
CVE-2026-40117 concerns PraisonAIAgents, a multi-agent system. Before version 1.5.128, read_skill_file() in skill_tools.py allowed reading arbitrary filesystem files by accepting an unrestricted skill_path, lacking both workspace confinement and an approval gate. This enables potential data exfil...
CVE-2026-39981
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...
Incorrect Permission Assignment for Critical Resource
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the uploadfile or uploadimage process. An attacker can access files outside the intended workspace directory by uploading special...
GHSA-5FC7-F62M-8983 OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)
Impact Feishu docx uploadfile/uploadimage Bypasses Workspace-Only Filesystem Policy GHSA-qf48-qfv4-jjm9 Incomplete Fix. Feishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks. OpenClaw is a user-controlled local assistant. This...
OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)
Impact Feishu docx uploadfile/uploadimage Bypasses Workspace-Only Filesystem Policy GHSA-qf48-qfv4-jjm9 Incomplete Fix. Feishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks. OpenClaw is a user-controlled local assistant. This...
EUVD-2026-20974
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...
CVE-2026-39981 AGiXT has a Path Traversal in safe_join()
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...
PT-2026-31791
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list files tool in FileTools validates the directory parameter against workspace boundaries via validate path, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. pa...