7 matches found
OpenClaw Information Disclosure Vulnerability (CNVD-2026-14826)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that stems from the failure of a sandbox mirroring tool to enforce the tools.fs.workspaceOnly restriction on mounted sandbox paths, which can be exploited by an...
OpenClaw 信息泄露漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that stems from the failure of a sandbox mirroring tool to enforce the tools.fs.workspaceOnly restriction on mounted sandbox paths, which can be exploited by an...
CVE-2026-28457
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...
CVE-2026-28457
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...
CVE-2026-28457
OpenClaw is affected by a path traversal vulnerability in sandbox skill mirroring that uses the frontmatter name when copying skills into the sandbox workspace. Affected versions: OpenClaw before 2026.2.14. Attackers can craft a skill package with traversal sequences (e.g., ../ or absolute paths)...
CVE-2026-28457
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...
PT-2026-23534
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The software contains a path traversal issue in sandbox skill mirroring when the skill frontmatter name parameter is used without proper sanitization during skill copying into the sandbox...