Lucene search
K

17 matches found

OSV
OSV
added 2026/07/02 7:9 p.m.4 views

GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score0.00057EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 7:17 p.m.13 views

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.5CVSS0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:21 p.m.4 views

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2026/06/22 5:21 p.m.9 views

EUVD-2026-38332

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-51373

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.3.9 Description Several components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. This occurs in a file-search agent middlewar...

5.5CVSS5.8AI score0.00157EPSS
Exploits0References12
OSV
OSV
added 2026/04/18 12:55 a.m.2 views

GHSA-H39G-6X3C-7FQ9 Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment

Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...

3.8CVSS5.7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/18 12:55 a.m.10 views

Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment

Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...

5.7AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-22180

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS5.9AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/03/18 2:16 a.m.8 views

CVE-2026-22180

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS0.0013EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 1:34 a.m.2 views

CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS5.9AI score0.0013EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/18 1:34 a.m.10 views

EUVD-2026-12726

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS5.9AI score0.0013EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/18 1:34 a.m.28 views

CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS0.0013EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 1:34 a.m.5 views

CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

4.8CVSS6.2AI score0.0013EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 1:34 a.m.17 views

CVE-2026-22180

OpenClaw is affected in versions prior to 2026.3.2 by a path-confinement bypass in browser output handling that allows writing outside intended root directories. The issue arises from insufficient canonical path-boundary validation in file write operations, enabling writes to arbitrary locations ...

5.3CVSS5.9AI score0.0013EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/03 9:20 p.m.6 views

GHSA-3PXQ-F3CP-JMXP OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows

Summary A path-confinement bypass in browser output handling allowed writes outside intended roots in openclaw versions up to and including 2026.3.1. The fix unifies root-bound, file-descriptor-verified write semantics and canonical path-boundary validation across browser output and related...

5.3CVSS5.8AI score0.0013EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 9:20 p.m.19 views

OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows

Summary A path-confinement bypass in browser output handling allowed writes outside intended roots in openclaw versions up to and including 2026.3.1. The fix unifies root-bound, file-descriptor-verified write semantics and canonical path-boundary validation across browser output and related...

5.3CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.7 views

PT-2026-26011

Summary A path-confinement bypass in browser output handling allowed writes outside intended roots in openclaw versions up to and including 2026.3.1. The fix unifies root-bound, file-descriptor-verified write semantics and canonical path-boundary validation across browser output and related...

5.3CVSS5.8AI score0.0013EPSS
Exploits0References9
Rows per page
Query Builder