Zdi-Disclosures

**Name of the Vulnerable Software and Affected Versions** OpenClaw (affected versions not specified) **Description** OpenClaw Canvas suffers from a path traversal information disclosure issue. The vulnerability allows unauthorized access to files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions OpenClaw (affected versions not specified) Description A flaw exists in the authentication function for canvas endpoints in OpenClaw, resulting from an improper implementation of authentication. This allows remote attackers to bypass authentication without needing credentials. The issue was identified as ZDI-CAN-29311. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LangGraph versions prior to 4.0.0 **Description** A Remote Code Execution issue exists in LangGraph's caching layer when applications enable cache backends inheriting from `BaseCache` and opt nodes into caching via `CachePolicy`. Prior to version 4.0.0, `BaseCache` defaults to `JsonPlusSerializer(pickle fallback=True)`. When msgpack serialization fails, cached values can be deserialized using `pickle.loads(...)`. Exploitation requires write access to the cache backend, such as a network-accessible Redis instance with weak or no authentication, shared cache infrastructure, or a writable SQLite cache file. An attacker must be able to write attacker-controlled bytes into the cache backend, which the LangGraph process later reads and deserializes. This is considered a post-compromise/post-access escalation vector. The issue is resolved in `langgraph-checkpoint` version 4.0.0 by disabling pickle fallback by default (`pickle fallback=False`). **Recommendations** Upgrade to `langgraph-checkpoint` version 4.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Music Assistant versions 2.6.3 and below **Description** Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The `/music/playlists/update` API allows users to bypass the .m3u extension enforcement and write files anywhere on the filesystem, which is exacerbated by the container running as root. This can be exploited to achieve Remote Code Execution by writing a malicious .pth file to the Python site-packages directory, which will execute arbitrary commands when Python loads. The vulnerable API endpoint is `/music/playlists/update` and the vulnerable parameter is the file upload functionality within this endpoint. **Recommendations** Update to version 2.7.0 or later.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 25.12.0 **Description** LibreNMS, an auto-discovering PHP/MySQL/SNMP based network monitoring tool, contains a stored cross-site scripting issue in the Alert Rule API. The alert rule name is not properly sanitized, allowing injection of HTML code when creating or updating alert rules via the LibreNMS API. The vulnerable API endpoint is used for creating and updating alert rules. The `alert rule name` is the vulnerable parameter. **Recommendations** Update to version 25.12.0 or later.