4 matches found
CVE-2026-26329
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs...
CVE-2026-26329 OpenClaw has a path traversal in browser upload allows local file read
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs...
CVE-2026-26329
OpenClaw contains a path traversal in the browser tool upload action that allows an authenticated user to read arbitrary files on the Gateway host by supplying absolute or traversal paths. This existed prior to version 2026.2.14; the server passed user-supplied paths to Playwright's setInputFiles...
Exploit for Unrestricted Upload of File with Dangerous Type in Amentotech Workreap
CVE-2021-24499 Mass exploitation of CVE-2021-24499 unauthentic...