AI Security Threat Feed

nbconvert: path traversal enables arbitrary file write

Langflow: cleartext auth storage exposes API keys

OpenClaw: path traversal in memory_get reads arbitrary workspace files

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure

OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage

OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads

OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement

OpenClaw: Browser tabs action select and close routes bypassed SSRF policy

OpenClaw: Nostr profile mutation routes allowed operator.write config persistence

OpenClaw: screen_record outPath bypassed workspace-only filesystem guard

OpenClaw: Browser SSRF policy default allowed private-network navigation

OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes

OpenClaw: Workspace .env could inject OpenClaw runtime-control variables

OpenClaw: Discord event cover images bypassed sandbox media normalization

OpenClaw: Empty approver lists could grant explicit approval authorization

OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input

OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms