Lucene search
K

345 matches found

Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.3 views

PT-2026-30225

prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing...

8.6CVSS6.2AI score0.00363EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/04/01 11:3 a.m.259 views

Exploit for CVE-2025-48757

Vibe Coding Security Scanner A security audit skill for AI-as...

9.3CVSS7.5AI score0.00709EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2026/03/28 12:0 a.m.4 views

SafeClaw-R: Towards Safe and Secure Multi-Agent Personal Assistants

LLM-based multi-agent systems MASs are transforming personal productivity by autonomously executing complex, cross-platform tasks. Frameworks such as OpenClaw demonstrate the potential of locally deployed agents integrated with personal data and services, but this autonomy introduces significant...

6.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

8.8CVSS6.2AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/21 3:31 a.m.3 views

EUVD-2026-13937

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References4
NVD
NVD
added 2026/03/21 1:17 a.m.5 views

CVE-2026-32044

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS0.00132EPSS
Exploits0References3
OSV
OSV
added 2026/03/21 1:17 a.m.4 views

CVE-2026-32044

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

5.5CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32044

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References4
CVE
CVE
added 2026/03/21 12:42 a.m.17 views

CVE-2026-32044

OpenClaw is affected in versions prior to 2026.3.2 by an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks used for other formats. An attacker can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causin...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.31 views

CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.7 views

PT-2026-26727

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

6.7CVSS5.8AI score0.00132EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/03/20 1:15 p.m.184 views

agent-skill-poc

Agent Skill POC - LLM-driven Interactive CLI Agent An LLM-dri...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/03/12 12:30 p.m.4 views

EUVD-2026-11563

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

6.5CVSS5.7AI score0.00316EPSS
Exploits0References8
OSV
OSV
added 2026/03/12 12:30 p.m.3 views

GHSA-WGX8-R9VW-2W4H Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references. Original Description A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function...

6.3CVSS5.6AI score0.00316EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/12 12:30 p.m.8 views

Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references. Original Description A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function...

8.8CVSS5.6AI score0.00316EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/03/12 12:15 p.m.5 views

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

8.8CVSS0.00316EPSS
Exploits0References7
OSV
OSV
added 2026/03/12 12:15 p.m.4 views

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

8.8CVSS5.7AI score
Exploits0References7
Cvelist
Cvelist
added 2026/03/12 12:2 p.m.26 views

CVE-2026-4039 OpenClaw Skill Env applySkillConfigenvOverrides code injection

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

6.5CVSS0.00316EPSS
Exploits0References7
CVE
CVE
added 2026/03/12 12:2 p.m.17 views

CVE-2026-4039

Summary: CVE-2026-4039 affects OpenClaw 2026.2.19-2, specifically the Skill Env Handler’s function applySkillConfigenvOverrides, allowing remote code injection via manipulated environment configuration. A fix is published and the advisory notes upgrading to 2026.2.21-beta.1 (patch 8c9f35cdb51692b...

8.8CVSS5.7AI score0.00316EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder