13 matches found
CVE-2026-32024
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
CVE-2026-32024
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
CVE-2026-32024
OpenClaw (npm) versions prior to 2026.2.22 are affected by a symlink traversal vulnerability in avatar handling that lets remote attackers read arbitrary files outside the configured workspace boundary by requesting avatar resources through gateway surfaces. The issue affects the openclaw package...
CVE-2026-32024
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
EUVD-2026-13296
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
Symlink Attack
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the avatar handling. An attacker can access sensitive local files outside the intended workspace by submitting crafted symlink paths to the avatar interface. Remediatio...
PT-2026-26405
Summary OpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar surfaces. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.22 so after npm release, the remaining action is to publis...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the extractImageInfo function for user avatars. An attacker can execute arbitrary scripts in the context of another user by uploading malicious files that are served without proper content type validation...
CVE-2025-4012
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
CVE-2019-17132
vBulletin through 5.5.4 mishandles custom avatars...
phpBB <= 2.0.11 Multiple Vulnerabilities
The remote host is running phpBB version 2.0.11 or older. Such versions suffer from multiple vulnerabilities: - full path display on critical messages. - full path disclosure in username handling caused by a PHP 4.3.10 bug. - arbitrary file disclosure vulnerability in avatar handling functions. -...