Cyber Security Daily Radar

#cwe-732

共收录 3 条相关安全情报。

← 返回所有主题
INFO
ADVISORY 2026-04-29

Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

推荐 7.4
Conf: 50%
@anthropic-ai/sdk

The `BetaLocalFilesystemMemoryTool` in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (`0o666` for files, `0o777` for directories), leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read persisted agent sta

💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 GitHub Advisory
排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | LLM 评分加成 (+0.4)
INFO EPSS 0%
ADVISORY 2026-04-28

OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in...

推荐 7.4
Conf: 50%

OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files.

💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 GitHub Advisory
排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | LLM 评分加成 (+0.4)
INFO EPSS 0%
VULNERABILITY 2026-04-28

OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers c...

推荐 3.4
Conf: 50%
CVE-2026-41366

OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files.

💡 影响/原因: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 NVD
排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)