10 matches found
CVE-2026-44111
OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...
CVE-2026-35658
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...
CVE-2026-35658 OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...
CVE-2026-35658
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the image tools not adhering to the “tools.fs.workspaceOnly” restriction, which could allow attackers to...
PT-2026-31969
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...
CVE-2026-32002
OpenClaw is affected in versions prior to 2026.2.23. The sandboxed image tool fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing reading of out-of-workspace files. Attackers can load restricted mounted images and exfiltrate them via vision model provider reque...
OpenClaw 信息泄露漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that stems from the failure of a sandbox mirroring tool to enforce the tools.fs.workspaceOnly restriction on mounted sandbox paths, which can be exploited by an...
CVE-2025-53097
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's searchfiles tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...
Roo Code 注入漏洞
Roo Code is an AI-based autonomous coding agent from Roo Code. An injection vulnerability exists in Roo Code versions prior to 3.20.3, which stems from the searchfiles tool not restricting the reading of files outside of the VS Code workspace, which could lead to the reading of sensitive files...