CVE-2026-53766

CVE-2026-53766 affects Chrome DevTools for agents (chrome-devtools-mcp). The issue arises because MCP's validatePath() uses path.resolve() to enforce workspace roots; path.resolve() does not canonicalize symbolic links, allowing a symlink within a configured root to point to a file outside that r...

CVE-2026-49957

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remoteterminalworkspacecandidate...

CVE-2026-49957

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remoteterminalworkspacecandidate...

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.269 contained a path traversal vulnerability. This vulnerability stemmed from an issue with bypassing workspace boundaries, which could allow authentication attackers t...

SUSE CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

EUVD-2026-29141

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...

CVE-2026-44996

OpenClaw vulnerability CVE-2026-44996 affects versions before 2026.4.15. The webchat audio embedding helper fails local media root containment checks, allowing an attacker to influence ReplyPayload.mediaUrl to resolve absolute local paths or file URLs, read audio-like files, and embed them base64...

CVE-2026-44996 OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...

CVE-2026-34604

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

GHSA-FQCM-97M6-W7RM OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset

Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was...

PT-2026-26016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.24 Description OpenClaw versions before 2026.2.24 contain a local media root bypass in the sendAttachment and setGroupIcon message actions when sandboxRoot is not configured. This allows attackers to read...