Lucene search
+L

18 matches found

cvelist
cvelist
added 6 days ago32 views

CVE-2026-15331 zhayujie CowAgent Skill Installation service.py _add_package path traversal

A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function addurl/addpackage of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated...

5.5CVSS0.00378EPSS
Exploits0References9
cve
cve
added 6 days ago7 views

CVE-2026-15331

The CVE-2026-15331 vulnerability affects zhayujie CowAgent up to 2.1.0. The issue resides in the Skill Installation Handler’s component, specifically the _add_url/_add_package functions in agent/skills/service.py, where manipulation of the Name argument enables path traversal. A remote attack is ...

5.5CVSS5.7AI score0.00378EPSS
Exploits0References9
euvd
euvd
added 2026/07/02 4:57 p.m.11 views

EUVD-2026-36325

OpenClaw: Workspace .env could override Homebrew executable selection for skill install flows...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/11 8:10 p.m.23 views

CVE-2026-53819 OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS6.1AI score0.00298EPSS
Exploits0References2
osv
osv
added 2026/06/11 8:10 p.m.3 views

CVE-2026-53819 OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.7CVSS6.6AI score0.00298EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/06/11 12:0 a.m.17 views

OpenClaw 权限许可和访问控制问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.27 had code-related vulnerabilities. These vulnerabilities stemmed from issues with code execution during the skill installation process. The workarea.env file could override th...

8.8CVSS6.3AI score0.00298EPSS
Exploits0References2
euvd
euvd
added 2026/03/21 3:31 a.m.3 views

EUVD-2026-13937

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References4
nvd
nvd
added 2026/03/21 1:17 a.m.5 views

CVE-2026-32044

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS0.00132EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/21 12:42 a.m.33 views

CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS0.00132EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32044

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References4
cve
cve
added 2026/03/21 12:42 a.m.17 views

CVE-2026-32044

OpenClaw is affected in versions prior to 2026.3.2 by an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks used for other formats. An attacker can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causin...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/03/21 12:42 a.m.5 views

CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS6AI score0.00132EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/03/21 12:0 a.m.9 views

PT-2026-26727

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/02/21 1:30 a.m.11 views

CVE-2026-27008

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

6.8CVSS5.4AI score0.00166EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/20 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an unspecified vulnerability that stems from insufficient validation of the targetDir value during download skill installation, which can be exploited by an attacker to cause files to be written outsid...

6.8CVSS5.8AI score0.00166EPSS
Exploits0References4
github
github
added 2026/02/18 10:44 p.m.11 views

OpenClaw hardened the skill download target directory validation

Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.14 - Fixed in: planned release 2026.2.15 Impact A bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In th...

6.8CVSS5.4AI score0.00166EPSS
Exploits0References6Affected Software1
thn
thn
added 2020/08/13 9:59 a.m.5 views

Amazon Alexa Bugs Could've Let Hackers Install Malicious Skills Remotely

Attention! If you use Amazon's voice assistant Alexa in you smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and spy on your activities remotely. Check Point cybersecurity researchers—Dikla Barda, Roman Zaikin and Yaara Shriki—today...

5.7AI score
Exploits0
Rows per page
Query Builder