OpenClaw Backlink Vulnerability (CNVD-2026-19028)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to upload a tar archive file containing a symbolic link to escape the sandbox and overwrite files on a remote host...

PT-2026-35552

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host...

DRUPAL-CORE-2021-001

The Drupal project uses the pear Archive\Tar library, which has released a security update that impacts Drupal. For more information please see: CVE-2020-36193 Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them...

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's the time. Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three...

DRUPAL-CORE-2019-012

The Drupal project uses the third-party library Archive\Tar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The late...