6 matches found
CVE-2026-40515
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
EUVD-2026-23450
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515
OpenHarness (before commit bd4df81) contains a permission bypass due to incomplete path normalization in the permission checker. Attackers can invoke built‑in grep and glob tools with root directories that aren’t properly evaluated against configured path rules, enabling disclosure of sensitive l...
PT-2025-47185
Name of the Vulnerable Software and Affected Versions Glob versions 10.3.7 through 11.0.3 Description The glob command-line interface contains a command injection issue in its -c/--cmd option. This allows arbitrary command execution when processing files with maliciously crafted names. When using...