57 matches found
Unity Linux 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-017541)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017541 advisory. An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it...
Astra Linux – Vulnerability in glib2.0
A issue was discovered in GNOME GLib before version 2.66.8. When the gfilereplace function is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly creates the target of the symlink as an empty file. This could potentially have security implications ...
CVE-2026-32232
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...
CVE-2026-32232
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...
CVE-2026-32232
CVE-2026-32232 affects ZeptoClaw (pre-0.7.6). The vulnerability combines Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass, allowing workspace boundary bypass during path validation and subsequent I/O. The issue is fixed in 0.7.6. Affected behavior in...
CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...
CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...
CVE-2026-32232
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...
CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...
ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
Summary Workspace boundary enforcement currently has three related bypass risks. This issue tracks fixing all three in one pull request. Details R1 - Dangling Symlink Component Bypass - What happens: Path validation can miss dangling symlink components during traversal checks. - Why it matters: A...
GHSA-2M67-CXXQ-C3H8 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
Summary Workspace boundary enforcement currently has three related bypass risks. This issue tracks fixing all three in one pull request. Details R1 - Dangling Symlink Component Bypass - What happens: Path validation can miss dangling symlink components during traversal checks. - Why it matters: A...
Symlink Attack
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack through improper handling of symlink alias resolution during workspace boundary checks. An attacker can gain unauthorized write access to files outside the intended workspa...
GHSA-QCC4-P59M-P54M OpenClaw: Sandbox dangling-symlink alias handling could bypass workspace-only write boundary
Summary A sandbox boundary-validation gap in symlink alias handling allowed certain workspace-only write paths to be treated as in-boundary even when they could resolve outside the workspace/sandbox root. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.25 - Late...
OpenClaw: Sandbox dangling-symlink alias handling could bypass workspace-only write boundary
Summary A sandbox boundary-validation gap in symlink alias handling allowed certain workspace-only write paths to be treated as in-boundary even when they could resolve outside the workspace/sandbox root. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.25 - Late...
PT-2026-25043
CVE-2026-32232 ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This… https://t.co/rVG7NT7AHt...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
JLSEC-2025-158 An issue was discovered in GNOME GLib before 2.66.8
An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...
EUVD-2021-14851
Malware in sbrugna...
EUVD-2025-18139
Malicious code in bioql PyPI...