GHSA-5799-3XG7-RFRV Duplicate Advisory: OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fv94-qvg8-xqpw. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote...

CVE-2026-41364

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host...

CVE-2026-41526

In KDE KCoreAddons prior to 6.25, the KShell::quoteArgs function intended to safely quote arguments for shell commands does not correctly handle metacharacters, enabling possible shell escapes. The issue affects applications using this path to process user input in security-critical contexts, not...

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

EUVD-2026-26004

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

Juniper Junos OS Vulnerability (JSA75724)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75724 advisory. - A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon sshd instances, of Juniper Networks Junos OS...

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

This Week in Spring - April 28th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! As I write this, I'm on PTO in beautiful Santorini, Greece, catching up on some news and about to cruise the islands for some sightseeing. There's nothing quite like springtime in the Mediterranean! I couldn't dream of enjoyin...

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a privilege escalation vulnerability that allowed attackers to bypass the execution allowlist, enabling...

PT-2026-35678

Name of the Vulnerable Software and Affected Versions KDE KCoreAddons versions prior to 6.25 Description The KShell::quoteArgs function is designed to safely quote arguments for shell commands. However, it fails to adequately handle metacharacters, which can lead to a shell escape. Applications...

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

PT-2026-35776

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An exec allowlist bypass allows attackers to inherit allowlist trust through shell init-file wrapper invocations. By utilizing shell options such as --rcfile, --init-file, and --startup-file,...

Microsoft Windows Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-41364

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host...

JLSEC-2026-229 In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

JLSEC-2026-228 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection....

The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...

CLSA-2026-1777306218 Fix CVE(s): CVE-2026-33412

SECURITY UPDATE: Command injection via newline in glob - debian/patches/CVE-2026-33412.patch: add '\n' to SHELLSPECIAL in src/osunix.c so newlines in glob patterns are shell-escaped before mchexpandwildcards hands the string to the user's shell - CVE-2026-33412...

Joern 4.0.528

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...