CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

PT-2026-26792

Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.4.0 through 0.5.0b3.dev96 Description: pyLoad, a free and open-source download manager written in Python, contains a flaw in the set config value API endpoint. Users with the non-admin SETTINGS permission can modify any...

CVE-2026-32026

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...

CVE-2026-32016

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

CVE-2026-32016

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

CVE-2026-32026 OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...

EUVD-2026-13300

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...

CVE-2026-32026

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...

CVE-2026-32026 OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate...

CVE-2026-32026

The CVE-2026-32026 issue affects OpenClaw before version 2026.2.24, where improper path validation in sandbox media handling permits access to absolute paths under the host temporary directory outside the active sandbox root. Exploitation via malicious media references in attachment delivery can ...

EUVD-2026-13281

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability caused by a path validation bypass flaw in the exec approval distribution list pattern on macOS. An attacker can exploit the vulnerability to execute arbitrary commands on th...

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Path Validation Improperity vulnerability, which is caused by an incorrect path validation flaw in sandboxed media handling. An attacker can exploit the vulnerability to traverse a directory on a...

EUVD-2026-12864

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

CVE-2026-29858

CVE-2026-29858 affects aaPanel v7.57.0, where a lack of path validation enables local file inclusion (LFI) leading to exposure of sensitive information. The linked Red Hat, ENISA, NVD, and other feeds confirm the vulnerability statement, with the underlying cause described as insufficient path va...

PT-2026-26105

CVE-2026-29858 A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure. https://t.co/WowAOqIOTR...

PT-2026-26162

Name of the Vulnerable Software and Affected Versions MLflow affected versions not specified Description A flaw exists in the pyfunc extraction process within MLflow that can allow for arbitrary file writes. This occurs because of inadequate handling of entries within tar archives, specifically...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...