9 matches found
OpenClaw path traversal vulnerability (CNVD-2026-13428)
OpenClaw is an intelligent AI assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the browser download assistant accepting unsanitized output paths, which an attacker can exploit to traverse a directory on a system t...
OpenClaw < 2026.2.13 Multiple Vulnerabilities
The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.2.13. It is, therefore, affected by multiple vulnerabilities: - The optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback,...
OpenClaw Path Traversal Vulnerability
OpenClaw is an intelligent AI assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the browser download assistant accepting unsanitized output paths, which an attacker can exploit to traverse a directory on a system t...
CVE-2026-26972 OpenClaw has a Path Traversal in Browser Download Functionality
OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads...
CVE-2026-26972
OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads...
CVE-2026-26972 OpenClaw has a Path Traversal in Browser Download Functionality
OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads...
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
Summary: Use of curl with the -k or --insecure flag in installer scripts allows attackers to deliver arbitrary executables via Man-in-the-Middle (MitM) attacks. This can lead to full system compromise, as the downloaded files are installed as privileged applications. Details: The following scripts in...
ICA file not opening automatically instead it is downloading on browser on Double hop scenario
Every time an application is launched, it opens in a browser instead of the locally installed Workspace app, even though the native Workspace app is the default selection...
Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.0(629) Multiple Vulnerabilities
The remote host has a version of Cisco AnyConnect 2.x or 3.x prior to 3.0(629) and is, therefore, affected by the following vulnerabilities: - When the client is obtained from the VPN headend using a web browser, a helper application performs the download and installation. This helper application...