Lucene search
K

7 matches found

CNVD
CNVD
added 2026/03/24 12:0 a.m.3 views

OpenClaw Information Disclosure Vulnerability (CNVD-2026-14826)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that stems from the failure of a sandbox mirroring tool to enforce the tools.fs.workspaceOnly restriction on mounted sandbox paths, which can be exploited by an...

6.5CVSS5.9AI score0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

OpenClaw 信息泄露漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that stems from the failure of a sandbox mirroring tool to enforce the tools.fs.workspaceOnly restriction on mounted sandbox paths, which can be exploited by an...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 10:16 p.m.4 views

CVE-2026-28457

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...

7.9CVSS0.00134EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 10:16 p.m.4 views

CVE-2026-28457

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...

7.9CVSS5.8AI score
Exploits0References3
CVE
CVE
added 2026/03/05 9:59 p.m.20 views

CVE-2026-28457

OpenClaw is affected by a path traversal vulnerability in sandbox skill mirroring that uses the frontmatter name when copying skills into the sandbox workspace. Affected versions: OpenClaw before 2026.2.14. Attackers can craft a skill package with traversal sequences (e.g., ../ or absolute paths)...

7.9CVSS5.9AI score0.00134EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28457

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...

5.6CVSS5.9AI score0.00134EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.3 views

PT-2026-23534

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The software contains a path traversal issue in sandbox skill mirroring when the skill frontmatter name parameter is used without proper sanitization during skill copying into the sandbox...

6.1CVSS5.8AI score0.00134EPSS
Exploits0References7
Rows per page
Query Builder