3 matches found
CVE-2026-59194
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...
CVE-2026-59194
PnPM vulnerability CVE-2026-59194 affects the patch-remove feature. A crafted patch entry could resolve outside the configured patches directory, causing patch-remove to delete an arbitrary reachable file. The issue is fixed in pnpm versions 10.34.4 and 11.7.0. The connected documents do not prov...
CVE-2026-41338
OpenClaw prior to 2026.3.31 contains a time‑of‑check/time‑of‑use (TOCTOU) vulnerability in sandbox file operations that lets attackers bypass fd‑based defenses. The issue arises from check‑then‑act patterns in apply_patch, remove, and mkdir, enabling manipulation of files between validation and e...