Lucene search
K

4 matches found

OSV
OSV
added 2026/03/21 3:31 a.m.5 views

GHSA-9F79-7PW8-3FJ8 Duplicate Advisory: OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mgrq-9f93-wpp5. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that...

7.6CVSS5.8AI score0.00322EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.5 views

Duplicate Advisory: OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mgrq-9f93-wpp5. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that...

8.2CVSS5.9AI score0.00322EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32055 OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check...

7.2CVSS6.1AI score0.00322EPSS
Exploits0References6
CVE
CVE
added 2026/03/21 12:42 a.m.16 views

CVE-2026-32055

OpenClaw is affected: versions prior to 2026.2.26 contain a path traversal flaw in workspace boundary validation. The boundary check may mis-resolve aliases, allowing the first write operation to escape the workspace via in-workspace symlinks to non-existent out‑of‑root targets, enabling files to...

8.2CVSS5.9AI score0.00322EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder