16 matches found
CVE-2026-40515
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
EUVD-2026-23450
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515
OpenHarness (before commit bd4df81) contains a permission bypass due to incomplete path normalization in the permission checker. Attackers can invoke built‑in grep and glob tools with root directories that aren’t properly evaluated against configured path rules, enabling disclosure of sensitive l...
CVE-2026-32022
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
OpenClaw has an unspecified vulnerability (CNVD-2026-14828)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from a standard input-only policy bypass issue in the grep tool in tools.exec.safeBins, which can be exploited by an attacker to read arbitrary files...
CVE-2026-32022
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
CVE-2026-32022
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
EUVD-2026-13292
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
CVE-2026-32022
OpenClaw is affected in versions older than 2026.2.21. The vulnerability is a stdin-only policy bypass in the grep tool within tools.exec.safeBins that lets an attacker read arbitrary files by supplying a pattern via -e. An attacker can include a positional filename operand to bypass file access ...
CVE-2026-32022 OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from a standard input-only policy bypass issue in the grep tool in tools.exec.safeBins, which can be exploited by an attacker to read arbitrary files...
GHSA-3XFW-4PMR-4XC5 OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)
Summary OpenClaw tools.exec.safeBins had a stdin-only policy bypass for grep. If pattern input was supplied through -e / --regexp, the validator consumed the pattern as a flag value and still allowed one positional operand. That positional could be a bare filename like .env. Affected Packages /...
awesome-oneliner-bugbounty
This repository is an offensive tool for bug bounty hunting. It contains a collection of one-liner scripts for identifying vulnerabilities, particularly for bug bounty tips. The primary CVE ID present in the context is not explicitly mentioned, but the repository includes scripts for Local File...
grep 'kwset.c' remote buffer overflow vulnerability
Grep is a text search tool for Unix systems. A remote buffer overflow vulnerability exists in grep 'kwset.c', which allows an attacker to execute arbitrary code or launch a denial-of-service attack within the context of an application...