4 matches found
CVE-2026-32013
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...
EUVD-2026-11150
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...
CVE-2026-24843
melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...
CVE-2026-24843
melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...