CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

CVE-2026-40515

OpenHarness (before commit bd4df81) contains a permission bypass due to incomplete path normalization in the permission checker. Attackers can invoke built‑in grep and glob tools with root directories that aren’t properly evaluated against configured path rules, enabling disclosure of sensitive l...

CVE-2026-40515 OpenHarness Permission Bypass via grep and glob root argument

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

PT-2026-33463

Name of the Vulnerable Software and Affected Versions OpenHarness versions prior to commit bd4df81 Description Incomplete path normalization in the permission checker allows attackers to bypass permissions and read sensitive files. By invoking the built-in grep and glob tools with sensitive root...

OpenHarness 安全漏洞

OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open source in nature. There is a security vulnerability in OpenHarness; this vulnerability stems from incomplete path normalization in the permission checker, which may lead to access to sensitive files...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the gettemplate function. An attacker can access arbitrary files readable by the process by supplying a specially crafted URI with a double-slash prefix, which bypasses path normalization checks. Note: This is...

OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex Use of patterns that can be widened by attacker-controlled suffixes, such as ^/foo/./bar$ causing potential...

Hono: Middleware bypass via repeated slashes in serveStatic

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

OpenClaw Input Validation Error Vulnerability

OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the matchesExecAllowlistPattern function performing lowercase conversions and wildcard matching on POSIX paths when normalizing patterns, resulting in a...

PT-2026-31280

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

PT-2026-31281

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

EUVD-2026-18436

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

UBUNTU-CVE-2026-32725

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

CVE-2026-32725

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

BIT-MASTODON-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

scitokens 安全漏洞

Scitokens is an open-source science computing token library developed by SciTokens. Versions of Scitokens prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the library’s practice of normalizing path components within tokens before authorization, which could lea...

CVE-2026-32973 OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...