OpenClaw has a workspace-only sandbox guard mismatch for @-prefixed absolute paths
A workspace-only file-system guard mismatch allowed @-prefixed absolute paths to bypass boundary validation in some tool path checks. Impact: When tools.fs.workspaceOnly=true, certain @-prefixed absolute paths (for example @/etc/passwd) could be validated before canonicalization while runtime path...
Directory Traversal
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via improper validation of media local-paths in the sandbox. An attacker can access and exfiltrate files outside the intended sandbox boundary by supplying absolute...
GHSA-33HM-CQ8R-WC49 Temporary path handling could write outside OpenClaw temp boundary
Summary: Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root. Affected Packages / Versions - Package: openclaw (npm) - Latest published version verified during triage: 2026.2.23 - Affected versions: = 2026.2.24 Detail...
PT-2026-26414
A workspace-only file-system guard mismatch allowed @-prefixed absolute paths to bypass boundary validation in some tool path checks. Impact: When tools.fs.workspaceOnly=true, certain @-prefixed absolute paths (for example @/etc/passwd) could be validated before canonicalization while runtime path...
PT-2026-26016
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.24. Description: OpenClaw versions before 2026.2.24 contain a local media root bypass in the sendAttachment and setGroupIcon message actions when sandboxRoot is not configured. This allows attackers to read...
CVE-2026-23521 Traccar vulnerable to Path Traversal and External Control of File Name or Path
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...
OpenClaw path traversal vulnerability
OpenClaw (openclaw) is an open-source intelligent AI assistant. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary files from a gateway host by supplying an absolute path or path traversal sequence to the upload operation of a browser...
Arbitrary File Write
Langflow is vulnerable to arbitrary file write. The vulnerability is due to lack of path validation and directory restrictions in the fspath parameter, which allows an attacker to specify arbitrary absolute paths and overwrite files on the server...
Notepad++ code issue vulnerability
Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Versions of Notepad++ prior to 8.9.2 had a code vulnerability; it stemmed from the use of an absolute executable path when launching Windows Explorer, which could lead to arbitrary code executi...
PT-2026-6473
Summary: The isValidMedia function in src/media/parse.ts allows arbitrary file paths, including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. Detai...
CVE-2026-23888
A flaw was found in pnpm, a package manager. A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. This can occur through malicious ZIP entries containing directory traversal sequences ../ or absolute paths, or ...
CVE-2026-24056
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Summary: A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing ../ or absolute paths that escape the extraction root via AdmZip's...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the extractPackageTarball function. An attacker can write arbitrary files to the filesystem by supplying a malicious tar file containing absolute paths. Note: This vulnerability results from an incomplete fix of...
PT-2026-3403
Name of the Vulnerable Software and Affected Versions: esm.sh versions prior to 0.0.0-20260116051925-c62ab83c589e. Description: esm.sh is a content delivery network for web development. Versions prior to pseudoversion 0.0.0-20260116051925-c62ab83c589e contain a path traversal issue. The issue stems...
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
Summary: The node-tar library = 7.5.2 fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Proof of concept exploit for CVE-2025-55182...
Evolving Spring Vault: Introducing VaultClient
Back in September 2016, nearly a decade ago now, we introduced Spring Vault as an integration layer for HashiCorp Vault within Spring applications, complemented by Spring Cloud Vault for Spring Boot arrangements. The core idea has always been straightforward: externalizing secrets to encrypted Vau...
CVE-2025-68478
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...
PYSEC-2025-125
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...