EUVD-2026-36116

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...

@evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)

Summary The evolver fetch subcommand in index.js writes Hub-supplied bundledfiles into a directory derived from a Hub-supplied skillid. When --out is not used, the path-sanitizing regex permits . characters, allowing a skillid of .. to escape the skills/ subdirectory and resolve to the user's...

OpenClaw: screen_record outPath bypassed workspace-only filesystem guard

Summary screenrecord outPath bypassed workspace-only filesystem guard. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The node-host screen recording tool could honor an outPath outside the workspace guard, allowing an authorized tool call...