CVE-2026-54158

SiYuan CVE-2026-54158: A stored XSS in the attribute-view cell renderer (genAVValueHTML) can break out of its tag with crafted values in text/url/phone/mAsset, potentially leading to RCE in Electron if nodeIntegration is enabled. The issue persists in AV files under the workspace and propagates a...

CVE-2025-66389

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

CVE-2026-46580

Theia before v1.71.0 loads files matching .prompts/*.prompttemplate from a workspace, allowing attacker-controlled content to override the AI agent’s system prompts (indirect prompt injection). This enables attack chains with untrusted workspaces, potentially causing data exfiltration via Markdow...

CVE-2026-53864

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...

CVE-2026-53864 OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...

PT-2026-48749

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.27 Description An arbitrary code execution issue exists in skill install flows. This occurs because workspace .env files can override the Homebrew executable selection, allowing attackers with access to truste...

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper handling of double URL decoding in the serveExport function, which allows an attacker to use double-encoded traversal sequences to read arbitrary files from the workspace...

CVE-2026-41894

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

EUVD-2026-25626

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVE-2026-41894

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

SiYuan 路径遍历漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.5 contained a path traversal vulnerability. This vulnerability arose from the fix of CVE-2026-30869, where only blacklist checks were added, and the redundant calls to the...

PT-2026-35066

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

GHSA-HJH7-R5W8-5872 SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)

Summary The fix for CVE-2026-30869 in SiYuan v3.5.10 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding %252e%252e to traverse directories and read arbitrary...

SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)

Summary The fix for CVE-2026-30869 in SiYuan v3.5.10 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding %252e%252e to traverse directories and read arbitrary...

CVE-2026-39981

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

CVE-2026-32002

OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...

CVE-2026-32002

OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

GHSA-QXH4-J39M-QFX4 Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...