OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host

Summary SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real in shipped v2026.3.28: SSH sandbox tar upload lacked pre-upload symlink escape rejection until 3d5af14984 on...

GHSA-FV94-QVG8-XQPW OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host

Summary SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real in shipped v2026.3.28: SSH sandbox tar upload lacked pre-upload symlink escape rejection until 3d5af14984 on...

Improper Removal of Sensitive Information Before Storage or Transfer

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the process.env variable being passed unsanitized to child processes. An attacker can influence the environment of...

GHSA-J9PV-RRCJ-6PFX OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes

Summary SSH-based sandbox backends pass unsanitized process.env to child processes Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped SSH sandbox paths leaked unsanitized env into local SSH child processes, but remote leakage needs non-default SSH env...

OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes

Summary SSH-based sandbox backends pass unsanitized process.env to child processes Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped SSH sandbox paths leaked unsanitized env into local SSH child processes, but remote leakage needs non-default SSH env...

CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada, designed for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection hijacking,...

PT-2026-29811

Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...

Cisco Integrated Management Controller 命令注入漏洞

The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

Study of Post Quantum Status of Widely Used Protocols

The advent of quantum computing poses significant threats to classical public-key cryptographic primitives such as RSA and elliptic-curve cryptography. As many critical network and security protocols depend on these primitives for key exchange and authentication, there is an urgent need to...

CVE-2026-4851 GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls RPC over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary...

[SECURITY] Fedora 42 Update: php-phpseclib-2.0.52-1.fc42

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

CVE-2026-33724

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-20083

A vulnerability in the Secure Copy Protocol SCP server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

CVE-2026-32846 OpenClaw < 2026.3.28 Media Parsing Path Traversal to Arbitrary File Read

OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to...

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...