CVE-2026-50548 Cursor Desktop sandbox escape via agent-controlled working directory

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the workingdirectory parameter, which could...

SUSE CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVE-2026-41863 LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

Directory Traversal

Overview org.springframework.ai:spring-ai-anthropic is an Anthropic models support Affected versions of this package are vulnerable to Directory Traversal via filename handling in the API support. An attacker can perform path traversal by supplying LLM-influenced filenames that are used unsanitiz...

CVE-2026-35454

The CVE-2026-35454 affects coder/code-marketplace (Code Extension Marketplace) up to version 2.4.1. A Zip Slip/path-traversal vulnerability arises in the ExtractZip logic where raw zip entry names are passed to a callback that writes files via filepath.Join without boundary checks, allowing paths...

CVE-2026-27670

OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding...

PT-2026-22744

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

PT-2026-27225

Summary ZIP extraction in OpenClaw could be raced into writing outside the intended destination directory via parent-directory symlink rebind between validation and write. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: = 2026.3.1 - Latest published vulnerable version...

PT-2026-23534

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The software contains a path traversal issue in sandbox skill mirroring when the skill frontmatter name parameter is used without proper sanitization during skill copying into the sandbox...

EUVD-2026-8753

Vikunja has Path Traversal in CLI Restore...

apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

EUVD-2026-5156

Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...

pnpm has Windows-specific tarball Path Traversal

Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators, enabling path traversal. This vulnerability...

rsync: Path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2210)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic

Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...

BIT-LIBPYTHON-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

SUSE-SU-2025:02427-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory bsc1244056 - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...

Security update for python36

This update for python36 fixes the following issues: CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory bsc1244056 CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...

tar-fs has issue where extract can write outside the specified dir with a specific tarball

...