exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2026-25475

4 дня назад

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. This issue has been patched in version 2026.1.30.

CVSS3: 6.5

EPSS: Низкий

GHSA-r8g4-86fx-92mq

4 дня назад

OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2026-25475 OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. This issue has been patched in version 2026.1.30.	CVSS3: 6.5	0% Низкий	4 дня назад
	GHSA-r8g4-86fx-92mq OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction	CVSS3: 6.5	0% Низкий	4 дня назад

Уязвимостей на страницу