CVE-2026-42424

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

GHSA-QQQ7-4HXC-X63C OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration

Impact Shared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration. A crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media. OpenClaw is a user-controlled local assistant. This advisory is...

OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode

Summary In openclaw allowlist mode, tools.exec.safeBins trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in a trusted PATH directory could satisfy safe-bin checks and execute. Impact This is an allowlist bypass in exec policy that can lead to command execution i...

PT-2024-38204 · Panda Security · Panda Security Dome

Name of the Vulnerable Software and Affected Versions: Panda Security Dome affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the VPN process, which does not restrict DLL search to trusted paths,...