614 matches found
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Summary pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...
GHSA-X2CM-HG9C-MF5W OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Summary Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Summary Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
CVE-2026-27523
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
CVE-2026-33218
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...
LiteIDE 安全漏洞
LiteIDE X is a Go language code development tool developed by Seven Leaf individuals. Previous versions of LiteIDE X, such as 38.4, contained security vulnerabilities. These vulnerabilities were caused by inconsistent interpretation of HTTP requests, which could lead to issues with the http...
Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-38468)
"In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...
CVE-2026-27523
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
CVE-2026-27523 OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
CVE-2026-27523 OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
GHSA-6JJ5-J4J8-8473 LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
Summary LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Details LeafKit attempts to escape expressions during serialization, but due to...
Improper Encoding or Escaping of Output
Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the htmlEscaped process. An attacker can inject and execute arbitrary scripts in the context ...
OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
Summary In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree. Impact A low-privilege sandboxed leaf worker could steer or kill a sibling ru...
GHSA-4W7M-58CG-CMFF OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
Summary In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree. Impact A low-privilege sandboxed leaf worker could steer or kill a sibling ru...
ROS-20260313-73-0037
A vulnerability in the htblookupleaf function of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
leaf-playground (>=0.4.0 <=0.6.0), lightrft (=0.1.0) +1 more potentially affected by CVE-2026-3060 via sglang (>=0.1.26 <=0.4.6.post5)
sglang PYPI version =0.1.26, =0.4.0, =0.6.0 - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3060 Source advisory: SNYK:PYTHON-SGLANG-15470991...
OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Summary openclaw had a workspace boundary bypass in workspace-only path validation: when an in-workspace symlink pointed outside the workspace to a non-existent leaf, the first write could pass validation and create the file outside the workspace. Affected Packages / Versions - Package: openclaw...
Symlink Attack
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the validateBindMounts process. An attacker can access files or directories outside of intended boundaries by exploiting symlinked parent directories combined with...
OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
Summary In openclaw up to and including 2026.2.23 latest npm release as of February 24, 2026, sandbox bind-source validation could be bypassed when a bind source used a symlinked parent plus a non-existent leaf path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.24...
GHSA-M8V2-6WWH-R4GC OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
Summary In openclaw up to and including 2026.2.23 latest npm release as of February 24, 2026, sandbox bind-source validation could be bypassed when a bind source used a symlinked parent plus a non-existent leaf path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.24...