Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

9.8CVSS6AI score0.00439EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 10:16 p.m.14 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

9.8CVSS0.00439EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.37 views

CVE-2026-28393 OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform Path Traversal

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

8.3CVSS0.00439EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 9:59 p.m.20 views

CVE-2026-28393

OpenClaw 2.0.0-beta3 through 2026.2.13 contains a path-traversal vulnerability in the hook transform module loading (hooks.mappings[].transform.module) that allows loading and executing arbitrary JavaScript with gateway process privileges when an attacker can modify configuration. The issue arise...

9.8CVSS6.1AI score0.00439EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/03 11:0 p.m.5 views

GHSA-659F-22XC-98F2 OpenClaw hook transform path containment missed symlink-resolved escapes

Vulnerability Webhook transform modules were validated with lexical path checks only. A symlink under the allowed hooks transform tree could resolve outside the intended directory and be dynamically imported. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.21-2 ...

7.3CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 11:0 p.m.6 views

OpenClaw hook transform path containment missed symlink-resolved escapes

Vulnerability Webhook transform modules were validated with lexical path checks only. A symlink under the allowed hooks transform tree could resolve outside the intended directory and be dynamically imported. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.21-2 ...

6AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.12 views

PT-2026-23522

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2.0.0-beta3 through 2026.2.13 Description The OpenClaw software contains a path traversal issue within the hook transform module loading process that could lead to arbitrary JavaScript execution. The...

9.8CVSS6AI score0.00439EPSS
Exploits0References10
Rows per page
Query Builder