CVE-2026-41360 | OpenClaw up to 2026.4.1 pnpm dlx toctou (GHSA-w6wx-jq6j-6mcj)

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability was found in OpenClaw up to 2026.4.1. It has been rated as problematic. This affects an unknown part of the component pnpm dlx. This manipulation causes time-of-check time-of-use.

This vulnerability is tracked as CVE-2026-41360. The attack is restricted to local execution. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-41360 | OpenClaw up to 2026.4.1 pnpm dlx toctou (GHSA-w6wx-jq6j-6mcj)

Post correlati

CVE-2025-60791 | Easywork Enterprise 2.1.3.354 cleartext storage

CVE-2023-52117 | Metagauss ProfileGrid Plugin up to 5.6.6 on WordPress authorization

CVE-2023-52077 | nexryai nexkey prior 12.23Q4.5 API Token authorization (GHSA-pjj7-7hcj-9cpc)

CVE-2024-24335 | RT-Thread up to 5.0.2 dfs_v2 heap-based overflow (Issue 8271)