Fedora: Security Advisory (FEDORA-2026-5aafda8cd8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2026-38116

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An out of bounds write in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. An out of bounds write...

Directory Traversal

Overview griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can write arbitrary files on the...

Directory Traversal

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can...

Fedora 43 : libinput (2026-5aafda8cd8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5aafda8cd8 advisory. libinput 1.30.3, fixes Lua plugin sandbox escape CVE-2026-35093,CVE-2026-35094 Tenable has extracted the preceding description block directly from t...

Claude SDK For Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a...

CVE-2026-34955

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

PT-2026-38115

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in ServiceWorker allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that...

PraisonAI 操作系统命令注入漏洞

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the fact that SubprocessSandbox relies on string pattern matching to block dangerous commands in all modes and the block list does not...

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20444-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20444-1 advisory. Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754:...

CVE-2026-34955

PraisonAI's SubprocessSandbox is vulnerable prior to version 4.5.97: it uses subprocess.run() with shell=True in all modes and blocks commands only by string-pattern matching, not recognizing sh/bash as standalone executables. This enables sandbox escape in STRICT mode via sh -c '' (and related b...

CVE-2026-34955 PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

CVE-2026-34955

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

CVE-2026-34955 PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

CVE-2024-40849

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox...

CVE-2026-34938 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

CVE-2026-34938 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

CVE-2026-34938

PraisonAI contains a Python sandbox escape in the execute_code() function of praisonai-agents. Prior to version 1.5.90, the three-layer sandbox can be bypassed by passing a str subclass with an overridden startswith() to the _safe_getattr wrapper, enabling arbitrary OS command execution on the ho...

SandboxJS: Sandbox Escape via Prop Object Leak in New Handler

Description A scope modification vulnerability exists in @nyariv/sandboxjs version 0.8.35 and below. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an...

GHSA-9P3R-HH9G-5CMG OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile

Summary Sandbox escape via TOCTOU race in remote FS bridge readFile Current Maintainer Triage - Normalized severity: critical - Assessment: v2026.3.28 remote sandbox reads still do path-check then separate file read, so the TOCTOU sandbox escape remains present in the latest shipped tag. Affected...