8 matches found

CNNVD
added 2026/03/11 12:0 a.m. | 8 views

OpenClaw path traversal vulnerability

OpenClaw is an open-source artificial intelligence assistant. Versions of OpenClaw prior to 2026.2.14 have a path traversal vulnerability. The vulnerability stems from path traversal in the applypatch function, which could allow attackers to write to or delete files outside of the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00742
Exploits 0 | References 3
NVD
added 2026/03/05 10:16 p.m. | 10 views

CVE-2026-28452

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...

CVSS 6.7 | EPSS 0.00319
Exploits 0 | References 4
OSV
added 2026/03/05 10:16 p.m. | 4 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

CVSS 9.8 | AI score 6
Exploits 0 | References 4
Vulnrichment
added 2026/03/05 10:0 p.m. | 2 views

CVE-2026-29611 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles (extension must be installed and enabled) media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...

CVSS 8.2 | AI score 5.9 | EPSS 0.00292
Exploits 0 | References 3
CVE
added 2026/03/05 9:59 p.m. | 20 views

CVE-2026-28457

OpenClaw is affected by a path traversal vulnerability in sandbox skill mirroring that uses the frontmatter name when copying skills into the sandbox workspace. Affected versions: OpenClaw before 2026.2.14. Attackers can craft a skill package with traversal sequences (e.g., ../ or absolute paths)...

CVSS 7.9 | AI score 5.9 | EPSS 0.00134
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2026/03/05 9:59 p.m. | 2 views

CVE-2026-28456 OpenClaw 2026.1.5 < 2026.2.14 - Arbitrary Code Execution via Unsafe Hook Module Path Handling

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

CVSS 8.6 | AI score 5.9 | EPSS 0.00405
Exploits 0 | References 4
EUVD
added 2026/03/05 9:59 p.m. | 5 views

EUVD-2026-9902

OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write files outside the intended directory. Attackers can craft malicious archives with traversal sequences like ../../ to write files outside extraction boundarie...

CVSS 8.3 | AI score 6 | EPSS 0.00409
Exploits 0 | References 3
OSV
added 2026/03/02 10:40 p.m. | 2 views

GHSA-P25H-9Q54-FFVW OpenClaw has Zip Slip path traversal in tar archive extraction

Summary: OpenClaw versions before 2026.2.14 did not sufficiently validate TAR archive entry paths during extraction. A crafted archive could use path traversal sequences (for example ../../...) to write files outside the intended destination directory (Zip Slip). Affected Packages / Versions - Package...

CVSS 8.3 | AI score 6 | EPSS 0.00409
Exploits 0 | References 5