Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.5 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 7:37 p.m.10 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS0.00326EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:10 p.m.15 views

CVE-2026-41911

CVE-2026-41911 affects the OpenClaw project: OpenClaw prior to 2026.4.8 contains a filesystem policy bypass during docx upload processing that allows local file reads outside the workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the inte...

6.5CVSS5.3AI score0.00326EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/28 6:10 p.m.30 views

CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS0.00326EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35793

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.8 Description A filesystem policy bypass exists in the processing of docx uploads, enabling local file reads outside of workspace boundaries. This allows attackers to access files beyond the intended...

6.5CVSS5.8AI score0.00326EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/09 5:36 p.m.11 views

OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)

Impact Feishu docx uploadfile/uploadimage Bypasses Workspace-Only Filesystem Policy GHSA-qf48-qfv4-jjm9 Incomplete Fix. Feishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks. OpenClaw is a user-controlled local assistant. This...

6.5CVSS5.9AI score0.00326EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder