CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

Github Security Blog•added 2026/04/28 12:31 a.m.•5 views

Duplicate Advisory: OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qf48-qfv4-jjm9. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension...

6.5CVSS5.8AI score0.00058EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/28 12:31 a.m.•1 views

GHSA-QP56-GP47-JWJ3 Duplicate Advisory: OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image

6CVSS5.8AI score0.00058EPSS

Exploits0References3

ATTACKERKB•added 2026/04/27 11:24 p.m.•0 views

CVE-2026-41363

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...

6CVSS5.5AI score0.00058EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/27 11:24 p.m.•2 views

EUVD-2026-25943

6CVSS5.4AI score0.00058EPSS

Exploits0References2

Positive Technologies•added 2026/04/27 12:0 a.m.•3 views

PT-2026-35551

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during upload image operations to read arbitrary files outside...

6CVSS5.4AI score0.00058EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by