251 matches found
CVE-2026-33581 OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters
OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidate...
CVE-2026-33581 OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters
OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidate...
PT-2026-29261
OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidate...
CVE-2026-27523
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
ROS-20260323-73-0007
A vulnerability in the loadglobalrootsobjectid function of the Linux kernel is related to a pointer dereferencing error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
webpki-roots (>=0.26.0-alpha.0 <=0.26.0-alpha.1) potentially affected by unknown CVE via rustls-webpki (=0.102.8)
rustls-webpki CARGO version =0.102.8 is affected by a known vulnerability. The following packages have a transitive dependency on rustls-webpki and may be impacted: - webpki-roots =0.26.0-alpha.0, =0.26.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:GHSA-PWJX-QHCG-RVJ4...
webpki-roots (>=0.26.0-alpha.0 <=0.26.0-alpha.1) potentially affected by unknown CVE via rustls-webpki (=0.102.8)
rustls-webpki CARGO version =0.102.8 is affected by a known vulnerability. The following packages have a transitive dependency on rustls-webpki and may be impacted: - webpki-roots =0.26.0-alpha.0, =0.26.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0049...
CVE-2026-27523 OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
CLSA-2026-1773684237 Update of alt-php
Update ca-certificates database to 20260305: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.84. - The following certificates were added: Certificate "TrustAsia TLS ECC Root CA" Certificate "TrustAsia TLS RSA Root CA" Certificate "SwissSign RSA TLS Roo...
CVE-2025-15576
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...
Golang 1.26.x < 1.26.1 Multiple Vulnerabilities
The version of Golang running on the remote host is prior to 1.26.1. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - When verifying a certificate chain which contains a certificate containing multiple email address constraints composed of the full email...
EUVD-2026-9908
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...
CLSA-2026-1772643782 Update of nss
update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "ePKI Root Certification Authority" - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go...
PT-2026-26407
Summary Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root. Affected Packages / Versions - Package: openclaw npm - Latest published version verified during triage: 2026.2.23 - Affected versions: = 2026.2.24 Detail...
GHSA-HFFM-G8V7-WRV7 Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed
Summary Two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA,...
GHSA-RWJ8-P9VQ-25GV OpenClaw has a LFI in BlueBubbles media path handling
Summary The BlueBubbles extension accepted attacker-controlled local filesystem paths via mediaPath and could read arbitrary local files from disk before sending them as media attachments. Details When sendBlueBubblesMedia received a non-HTTP media source, the previous implementation resolved it ...
OpenClaw has a LFI in BlueBubbles media path handling
Summary The BlueBubbles extension accepted attacker-controlled local filesystem paths via mediaPath and could read arbitrary local files from disk before sending them as media attachments. Details When sendBlueBubblesMedia received a non-HTTP media source, the previous implementation resolved it ...
GHSA-GQ9C-WG68-GWJ2 OpenClaw has a path traversal in browser trace/download output paths may allow arbitrary file writes
Summary OpenClaw’s browser control API accepted user-supplied output paths for trace/download files without consistently constraining writes to OpenClaw-managed temporary directories. Impact If an attacker can access the browser control API, they could attempt to write trace/download output files...
CLSA-2026-1771411317 Update of ca-certificates
update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...
CLSA-2026-1771412648 Update of alt-php
Update ca-certificates database to 20260210: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "ePKI Root Certification Authority" - The following certificates were added: Certificate "TrustAsia...