Monthly
LORIS (Longitudinal Online Research and Imaging System) versions 20.0.0 through 27.0.2 and 28.0.0 allow authenticated users with publication module access to forge emails appearing to originate from LORIS by submitting a malicious baseURL parameter in POST requests, enabling email spoofing attacks against external recipients. The vulnerability requires user interaction (email recipient click) and publication module privileges but could facilitate social engineering or phishing campaigns. Fixed in versions 27.0.3 and 28.0.1.
Unauthorized read access to root-owned files via TOCTOU race condition in util-linux mount binary (versions prior to 2.41.4) allows local users with existing fstab entries to replace loop device source files with symlinks pointing to sensitive files or block devices, bypassing intended access controls. The vulnerability requires moderate exploitation effort (AC:H) and authenticated user access (PR:L) but grants disclosure of confidential data including filesystem backups and disk volumes. No public exploit code or active CISA KEV status identified at time of analysis.
Sandbox escape in macOS Sequoia prior to 15.6 allows local applications with low privileges to break containment via symlink manipulation, potentially accessing restricted system resources and user data. Apple resolved this via improved symlink handling in macOS 15.6. CVSS score of 8.7 reflects high confidentiality and integrity impact with scope change. No public exploit identified at time of analysis, though SSVC framework indicates partial technical impact with no current exploitation evidence.
Symlink race condition in Anthropic Python SDK async filesystem memory tool (versions 0.86.0-0.86.x) allows local authenticated attackers to escape sandbox restrictions and read or write arbitrary files outside the designated memory directory. The vulnerability exploits a time-of-check-time-of-use (TOCTOU) flaw where path validation occurs before symlink resolution, enabling an attacker with memory directory write access to redirect file operations via symlink manipulation. The synchronous implementation is unaffected. Vendor-released patch: version 0.87.0.
This vulnerability involves improper handling of symbolic links (symlinks) in macOS, which could allow an application to access sensitive user data without proper authorization. The issue affects multiple macOS versions including Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4, representing an information disclosure vulnerability with potential impact on user privacy. Apple has released patches to address the symlink handling deficiency, though specific attack complexity and exploitation metrics are not publicly detailed.
This vulnerability involves improper handling of symbolic links in Apple operating systems that could allow an application to access user-sensitive data without proper authorization. The flaw affects iOS and iPadOS versions prior to 26.3, macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.3 and 26.4. An attacker with the ability to execute code in a sandboxed application context could potentially bypass security restrictions to access protected user information, though no active exploitation in the wild has been confirmed at this time.
A symlink validation vulnerability in Apple's iOS, iPadOS, and macOS operating systems allows malicious applications to bypass file system protections and access sensitive user data through improper handling of symbolic links. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, and macOS Tahoe 26.4 and earlier. An attacker with the ability to install or execute an application on the affected system could leverage this weakness to read restricted files and access private user information without proper authorization.
OpenClaw before version 2026.3.2 contains a symlink traversal vulnerability in the stageSandboxMedia function that allows local attackers with limited privileges to overwrite arbitrary files outside the intended sandbox workspace. By exploiting unvalidated destination paths in media/inbound write operations, an attacker can follow symlinks to modify host files beyond sandbox boundaries, resulting in integrity compromise and potential system availability impact. A patch is available from the vendor.
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the browser trace and download output path handling that allows local attackers with limited privileges to escape the managed temporary root directory and overwrite arbitrary files on the system. An attacker can create symbolic links to redirect file writes outside the intended sandbox, resulting in information disclosure and potential system compromise through arbitrary file modification. A patch is available from the vendor, and this vulnerability requires local access with low privileges to exploit, making it a medium-severity concern for multi-user systems.
OpenClaw versions before 2026.2.22 suffer from a symlink traversal flaw in avatar processing that enables local attackers with user-level privileges to read sensitive files beyond the intended workspace directory. An attacker can leverage this through gateway interfaces to access arbitrary files with OpenClaw process permissions, resulting in unauthorized information disclosure. No patch is currently available for this vulnerability.
LORIS (Longitudinal Online Research and Imaging System) versions 20.0.0 through 27.0.2 and 28.0.0 allow authenticated users with publication module access to forge emails appearing to originate from LORIS by submitting a malicious baseURL parameter in POST requests, enabling email spoofing attacks against external recipients. The vulnerability requires user interaction (email recipient click) and publication module privileges but could facilitate social engineering or phishing campaigns. Fixed in versions 27.0.3 and 28.0.1.
Unauthorized read access to root-owned files via TOCTOU race condition in util-linux mount binary (versions prior to 2.41.4) allows local users with existing fstab entries to replace loop device source files with symlinks pointing to sensitive files or block devices, bypassing intended access controls. The vulnerability requires moderate exploitation effort (AC:H) and authenticated user access (PR:L) but grants disclosure of confidential data including filesystem backups and disk volumes. No public exploit code or active CISA KEV status identified at time of analysis.
Sandbox escape in macOS Sequoia prior to 15.6 allows local applications with low privileges to break containment via symlink manipulation, potentially accessing restricted system resources and user data. Apple resolved this via improved symlink handling in macOS 15.6. CVSS score of 8.7 reflects high confidentiality and integrity impact with scope change. No public exploit identified at time of analysis, though SSVC framework indicates partial technical impact with no current exploitation evidence.
Symlink race condition in Anthropic Python SDK async filesystem memory tool (versions 0.86.0-0.86.x) allows local authenticated attackers to escape sandbox restrictions and read or write arbitrary files outside the designated memory directory. The vulnerability exploits a time-of-check-time-of-use (TOCTOU) flaw where path validation occurs before symlink resolution, enabling an attacker with memory directory write access to redirect file operations via symlink manipulation. The synchronous implementation is unaffected. Vendor-released patch: version 0.87.0.
This vulnerability involves improper handling of symbolic links (symlinks) in macOS, which could allow an application to access sensitive user data without proper authorization. The issue affects multiple macOS versions including Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4, representing an information disclosure vulnerability with potential impact on user privacy. Apple has released patches to address the symlink handling deficiency, though specific attack complexity and exploitation metrics are not publicly detailed.
This vulnerability involves improper handling of symbolic links in Apple operating systems that could allow an application to access user-sensitive data without proper authorization. The flaw affects iOS and iPadOS versions prior to 26.3, macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.3 and 26.4. An attacker with the ability to execute code in a sandboxed application context could potentially bypass security restrictions to access protected user information, though no active exploitation in the wild has been confirmed at this time.
A symlink validation vulnerability in Apple's iOS, iPadOS, and macOS operating systems allows malicious applications to bypass file system protections and access sensitive user data through improper handling of symbolic links. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, and macOS Tahoe 26.4 and earlier. An attacker with the ability to install or execute an application on the affected system could leverage this weakness to read restricted files and access private user information without proper authorization.
OpenClaw before version 2026.3.2 contains a symlink traversal vulnerability in the stageSandboxMedia function that allows local attackers with limited privileges to overwrite arbitrary files outside the intended sandbox workspace. By exploiting unvalidated destination paths in media/inbound write operations, an attacker can follow symlinks to modify host files beyond sandbox boundaries, resulting in integrity compromise and potential system availability impact. A patch is available from the vendor.
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the browser trace and download output path handling that allows local attackers with limited privileges to escape the managed temporary root directory and overwrite arbitrary files on the system. An attacker can create symbolic links to redirect file writes outside the intended sandbox, resulting in information disclosure and potential system compromise through arbitrary file modification. A patch is available from the vendor, and this vulnerability requires local access with low privileges to exploit, making it a medium-severity concern for multi-user systems.
OpenClaw versions before 2026.2.22 suffer from a symlink traversal flaw in avatar processing that enables local attackers with user-level privileges to read sensitive files beyond the intended workspace directory. An attacker can leverage this through gateway interfaces to access arbitrary files with OpenClaw process permissions, resulting in unauthorized information disclosure. No patch is currently available for this vulnerability.