
Github Security Blog
added 2026/04/08 12:16 a.m. (4 views)

openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools

Affected: openclaw-claude-bridge v1.1.0. Issue: v1.1.0 spawns the Claude Code CLI subprocess with --allowed-tools "" and the release notes and README claim this "disables all CLI tools" for sandboxing. This claim is incorrect. Per the Claude Code CLI documentation, --allowed-tools alias --allowedTools...

AI score: 6.3
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/19 7:15 p.m. (21 views)

CVE-2026-26193 Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...

CVSS: 7.3 | EPSS: 0.00198
Exploits: 1 | References: 2
CVE
added 2026/02/19 7:15 p.m. (11 views)

CVE-2026-26193

Open WebUI (self-hosted, offline) is affected prior to v0.6.44. The vulnerability arises from allowing manual modification of chat history to set the embeds property on a response message, which is loaded into an iframe with an aggressive sandbox (allow-scripts and allow-same-origin) that bypasse...

CVSS: 7.3 | AI score: 5.5 | EPSS: 0.00198
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/02/09 9:30 a.m. (3 views)

GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact: Server-Side Request Forgery (SSRF). A security vulnerability exists in the mcp-run-python tool, specifically within the Pydantic-AI integration, due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.00165
Exploits: 0 | References: 3
OSV
added 2025/11/04 3:31 p.m. (1 view)

GHSA-VVW2-H478-XWR3 DSPy does not properly restrict file reads

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00295
Exploits: 0 | References: 3
CVE
added 2025/11/04 1:24 p.m. (10 views)

CVE-2025-12695

The CVE-2025-12695 vulnerability affects DSPy where an overly permissive sandbox around the PythonInterpreter allows reading sensitive files when running untrusted code in an AI agent. Public sources describe an arbitrary-file-read risk via the sandbox, with the affected component being DSPy’s sa...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00295
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/04 1:24 p.m. (6 views)

CVE-2025-12695 Insecure configuration in DSPy leads to arbitrary file read when running untrusted code inside the sandbox

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00295
Exploits: 0 | References: 1
EUVD
added 2025/11/04 1:24 p.m. (2 views)

EUVD-2025-37741

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

CVSS: 5.9 | AI score: 6.3 | EPSS: 0.00295
Exploits: 0 | References: 1
BDU FSTEC
added 2024/02/06 12:00 a.m. (2 views)

The vulnerability of the isolated Sandbox software environment in the macOS operating system allows an intruder to gain unauthorized access to removable storage devices.

The vulnerability of the isolated Sandbox software environment in the macOS operating system is related to security configuration errors. Exploiting this vulnerability can allow a malicious individual to gain unauthorized access to removable storage devices...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00207
Exploits: 0 | References: 3 | Affected Software: 1