GHSA-6Q2V-VFWP-PVWH Duplicate Advisory: OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vhwf-4x96-vqx2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the...

Duplicate Advisory: OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vhwf-4x96-vqx2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the...

CVE-2026-33574

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...

CVE-2026-33574 OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...

CVE-2026-33574 OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...

CVE-2026-33574

OpenClaw is affected before 2026.3.8 by a path traversal in the skills download installer. The root tools directory is validated lexically but the mutable path is reused during archive download and copy, allowing a local attacker to rebind the tools-root between validation and final write and red...

PT-2026-28498

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.8 Description The software contains a path traversal issue in the skills download installer. The installer validates the tools root path but reuses a mutable path during archive download and copy operations...

GHSA-VHWF-4X96-VQX2 OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path

OpenClaw's skills download installer validated the intended per-skill tools root lexically, but later reused that mutable path while downloading and copying the archive into place. If a local attacker could rebind that tools-root path between validation and the final write, the installer could be...

OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path

OpenClaw's skills download installer validated the intended per-skill tools root lexically, but later reused that mutable path while downloading and copying the archive into place. If a local attacker could rebind that tools-root path between validation and the final write, the installer could be...

EUVD-2022-45077

Malicious code in bioql PyPI...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.10055)

The version of AHV installed on the remote host is prior to 20220304.10055. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.10055 advisory. - BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S...