
27 matches found

Positive Technologies
added 2026/05/06 12:0 a.m. | 10 views

PT-2026-38244

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An arbitrary file read issue exists in the QMD backend memory get function. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths,...

CVSS 4.3 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 6

Redos
added 2026/04/30 12:0 a.m. | 4 views

ROS-20260430-73-0005

Vulnerability in buildkit related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 8.2 | AI score 5.4 | EPSS 0.00463
Exploits: 0

Redos
added 2026/04/17 12:0 a.m. | 6 views

ROS-20260417-73-0028

Vulnerability in rubygem-rack related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 7.5 | AI score 6.7 | EPSS 0.00552
Exploits: 1

CNNVD
added 2026/03/18 12:0 a.m. | 6 views

OpenClaw Link Following Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path restriction bypass vulnerability that can be exploited by an attacker to write a file to an arbitrary location...

CVSS 5.3 | AI score 5.9 | EPSS 0.0013
Exploits: 0 | References: 3

Redos
added 2026/03/10 12:0 a.m. | 6 views

ROS-20260310-73-0041

Vulnerability in python-jaraco-context related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

CVSS 8.6 | AI score 5.8 | EPSS 0.00527
Exploits: 1

Vulnrichment
added 2026/02/03 8:49 p.m. | 2 views

CVE-2026-24053 Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...

CVSS 7.7 | AI score 5.4 | EPSS 0.00464
Exploits: 0 | References: 1

OSV
added 2026/02/03 7:32 p.m. | 4 views

GHSA-Q728-GF8J-W49R Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...

CVSS 7.7 | AI score 5.5 | EPSS 0.00464
Exploits: 0 | References: 3

Redos
added 2026/01/29 12:0 a.m. | 5 views

ROS-20260129-73-0057

Vulnerability in mariadb11.4 related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 7 | AI score 5.9 | EPSS 0.00414
Exploits: 0

RedhatCVE
added 2025/11/19 9:10 a.m. | 4 views

CVE-2025-40549

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

CVSS 9.1 | AI score 7.3 | EPSS 0.00984
Exploits: 0 | References: 1

NVD
added 2025/11/18 9:15 a.m. | 7 views

CVE-2025-40549

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

CVSS 9.1 | EPSS 0.00984
Exploits: 0 | References: 2

Cvelist
added 2025/11/18 8:41 a.m. | 9 views

CVE-2025-40549 SolarWinds Serv-U Path Restriction Bypass Vulnerability

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

CVSS 9.1 | EPSS 0.00984
Exploits: 0 | References: 2

CVE
added 2025/11/18 8:41 a.m. | 13 views

CVE-2025-40549

SolarWinds Serv-U is affected by a Path Restriction Bypass vulnerability (CVE-2025-40549). Reports in multiple sources indicate that an attacker with administrative privileges could bypass directory restrictions and execute code on a directory, effectively enabling remote code execution. The issu...

CVSS 9.1 | AI score 7 | EPSS 0.00984
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/11/18 8:41 a.m. | 2 views

CVE-2025-40549 SolarWinds Serv-U Path Restriction Bypass Vulnerability

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

CVSS 9.1 | AI score 6.9 | EPSS 0.00984
Exploits: 0 | References: 2

EUVD
added 2025/11/18 8:41 a.m. | 4 views

EUVD-2025-197928

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

CVSS 9.1 | AI score 6.8 | EPSS 0.00984
Exploits: 0 | References: 3

Vulnrichment
added 2025/08/05 12:8 a.m. | 4 views

CVE-2025-54794 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...

CVSS 7.7 | AI score 6.2 | EPSS 0.00852
Exploits: 0 | References: 1

CVE
added 2025/08/05 12:8 a.m. | 44 views

CVE-2025-54794

CVE-2025-54794 – Claude Code path validation bypass: Claude Code versions older than 0.2.111 expose a directory-restriction bypass due to a path validation flaw that uses prefix matching instead of canonical path comparison. Exploitation requires either a pre-existing or creatable directory shar...

CVSS 9.1 | AI score 6.4 | EPSS 0.00852
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/08/05 12:8 a.m. | 9 views

CVE-2025-54794 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...

CVSS 7.7 | EPSS 0.00852
Exploits: 0 | References: 1

GitHub Security Blog
added 2025/08/04 3:15 p.m. | 12 views

Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access

Due to a path validation flaw using prefix matching instead of canonical path comparison, it was possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability to create a directory with the same prefix as the CWD and the...

CVSS 9.1 | AI score 7.3 | EPSS 0.00852
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/07/24 12:0 a.m. | 6 views

The vulnerability of the uploadFWBinary method in the network management system for monitoring industrial networks of Siemens SINEC NMS allows an intruder to gain unauthorized access to file writing and execute arbitrary code.

The vulnerability of the uploadFWBinary method in the network management system for monitoring industrial networks of Siemens SINEC NMS is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating...

CVSS 9 | AI score 7.9 | EPSS 0.07166
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2024/10/29 12:0 a.m. | 5 views

The vulnerability of the process.binding() function in the Node.js software platform allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the process.binding function in the Node.js platform is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...

CVSS 7.8 | AI score 6.9 | EPSS 0.01481
Exploits: 1 | References: 7 | Affected Software: 3