Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/11 6:31 p.m.30 views

EUVD-2026-29141

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...

6.3CVSS5.9AI score0.00305EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/11 4:46 p.m.8 views

CVE-2026-44996 OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...

6.3CVSS5.9AI score0.00305EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 4:46 p.m.20 views

CVE-2026-44996

OpenClaw vulnerability CVE-2026-44996 affects versions before 2026.4.15. The webchat audio embedding helper fails local media root containment checks, allowing an attacker to influence ReplyPayload.mediaUrl to resolve absolute local paths or file URLs, read audio-like files, and embed them base64...

6.3CVSS5.9AI score0.00305EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-26016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.24 Description OpenClaw versions before 2026.2.24 contain a local media root bypass in the sendAttachment and setGroupIcon message actions when sandboxRoot is not configured. This allows attackers to read...

8.7CVSS5.9AI score0.00372EPSS
Exploits0References11
Rows per page
Query Builder