Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the mirror mode process. An attacker can delete arbitrary remote directories by manipulating the remoteWorkspaceDir and remoteAgentWorkspaceDir configuration value...

CVE-2026-41383 OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...

CVE-2026-41383

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...

OpenClaw 路径遍历漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained a path traversal vulnerability. This vulnerability stemmed from a directory deletion vulnerability in the mirror mode, allowing attackers to delete remote directorie...

ThinPLUS 操作系统命令注入漏洞

ThinPLUS is a remote virtual workspace software from Taiwan, China-based Yuanoka Technology ThinPLUS. ThinPLUS suffers from an operating system command injection vulnerability that originates from allowing an unauthenticated, remote attacker to inject arbitrary OS commands and execute them...

Visual Studio Code Server Files Detected

Visual Studio Code is a popular source-code editor provided by Microsoft, with extensions offering a variety of extra functionality including remote workspace access via ssh. Use of this remote workflow creates a hidden directory named .vscode-server on the remote server which may be exposed with...