{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/arbitrary-file-read/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-6320"}],"_cs_exploited":false,"_cs_products":["Salon Booking System – Free Version plugin for WordPress \u003c= 10.30.25"],"_cs_severities":["high"],"_cs_tags":["arbitrary-file-read","wordpress","plugin-vulnerability","cve"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe Salon Booking System – Free Version plugin for WordPress, versions up to and including 10.30.25, contains an arbitrary file read vulnerability. This flaw stems from the plugin\u0026rsquo;s public booking flow, where it accepts attacker-controlled file-field values. These values are subsequently used as trusted paths when creating email attachments for booking confirmations. This allows an unauthenticated attacker to supply a path to any file accessible to the web server, triggering its inclusion as an attachment in the booking confirmation email, effectively enabling arbitrary file exfiltration. 
Exploitation requires no authentication and can be triggered remotely.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker accesses the public booking form of a WordPress site running the vulnerable Salon Booking System plugin.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request to the booking form, injecting a file path (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e) into a file-field parameter.\u003c/li\u003e\n\u003cli\u003eThe plugin processes the booking request and stores the attacker-supplied file path.\u003c/li\u003e\n\u003cli\u003eThe plugin generates a booking confirmation email.\u003c/li\u003e\n\u003cli\u003eThe plugin uses the stored, attacker-controlled file path to attach the specified file to the confirmation email.\u003c/li\u003e\n\u003cli\u003eThe booking confirmation email, now containing the arbitrary file as an attachment, is sent to the user who initiated the booking (which could be the attacker or an unwitting third party).\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the email (if sent to the attacker) or intercepts it (if sent to a third party) and extracts the attached file.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the contents of the exfiltrated file.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows unauthenticated attackers to read arbitrary files from the affected WordPress server. This could lead to the disclosure of sensitive information, such as configuration files, database credentials, or other confidential data. The vulnerability affects versions of the Salon Booking System plugin up to and including 10.30.25. 
The number of affected WordPress installations is unknown, but could be substantial given the plugin\u0026rsquo;s popularity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Salon Booking System plugin to the latest version to patch CVE-2026-6320.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs (category \u003ccode\u003ewebserver\u003c/code\u003e, product \u003ccode\u003elinux\u003c/code\u003e) for suspicious requests containing absolute or relative file paths in file-field parameters, using a detection rule similar to the ones provided below.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for all user-supplied data, especially file paths.\u003c/li\u003e\n\u003cli\u003eReview and restrict file system permissions to limit the files accessible to the web server process.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-02T12:16:16Z","date_published":"2026-05-02T12:16:16Z","id":"/briefs/2026-05-wordpress-arbitrary-file-read/","summary":"The Salon Booking System WordPress plugin is vulnerable to arbitrary file read, allowing unauthenticated attackers to exfiltrate local files by manipulating file-field values in booking confirmation emails.","title":"Salon Booking System WordPress Plugin Arbitrary File Read Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-arbitrary-file-read/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["arbitrary-file-read","credential-exfiltration","openclaw","npm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003eopenclaw\u003c/code\u003e npm package, versions 2026.3.28 and earlier, contains a vulnerability related to media local roots self-whitelisting in the \u003ccode\u003eappendLocalMediaParentRoots\u003c/code\u003e function. 
This flaw enables a malicious model to initiate arbitrary file reads on the host system. While the tool-fs root expansion requires prior configuration, the vulnerability can still be exploited, though with a narrower impact than a default-critical scenario. The vulnerability was reported by @tdjackey and patched in version 2026.3.31. Defenders should ensure they are running version 2026.3.31 or later of the \u003ccode\u003eopenclaw\u003c/code\u003e package to mitigate the risk of arbitrary file read and potential credential exfiltration.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA malicious actor crafts or modifies an existing OpenClaw model.\u003c/li\u003e\n\u003cli\u003eThe model includes instructions to trigger the \u003ccode\u003eappendLocalMediaParentRoots\u003c/code\u003e function within the \u003ccode\u003esrc/media/local-roots.ts\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eDue to the self-whitelisting behavior, the function expands the allowed media parent directories, potentially including sensitive system directories.\u003c/li\u003e\n\u003cli\u003eThe model leverages the expanded directory access to request the reading of arbitrary files on the host system.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eopenclaw\u003c/code\u003e application processes the model\u0026rsquo;s file read request without proper validation due to the bypassed whitelisting.\u003c/li\u003e\n\u003cli\u003eSensitive files, such as configuration files or credential stores, are read by the application.\u003c/li\u003e\n\u003cli\u003eThe extracted data, including credentials, is then potentially exfiltrated by the malicious model.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive data or systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to read arbitrary 
files on the host system where the \u003ccode\u003eopenclaw\u003c/code\u003e application is running. This can lead to the exfiltration of sensitive information, including credentials, API keys, or other confidential data. While the exact number of affected installations is unknown, any system running a vulnerable version of the \u003ccode\u003eopenclaw\u003c/code\u003e package (\u0026lt;=2026.3.28) is susceptible. The impact is narrowed because the tool-fs root expansion requires prior configuration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003eopenclaw\u003c/code\u003e npm package to version 2026.3.31 or later to remediate the vulnerability (reference: Affected Packages / Versions).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization to prevent arbitrary file paths from being processed by the \u003ccode\u003eappendLocalMediaParentRoots\u003c/code\u003e function (reference: \u003ccode\u003esrc/media/local-roots.ts\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect attempts to access sensitive files via the \u003ccode\u003eopenclaw\u003c/code\u003e application (reference: Sigma rule below).\u003c/li\u003e\n\u003cli\u003eReview and restrict the tool-fs root expansion configuration to minimize the impact of potential exploitation (reference: Current Maintainer Triage).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T02:53:58Z","date_published":"2026-04-03T02:53:58Z","id":"/briefs/2026-04-openclaw-file-read/","summary":"The openclaw package is vulnerable to arbitrary file read and credential exfiltration due to media local roots self-whitelisting in `appendLocalMediaParentRoots`, allowing a model to initiate arbitrary host file reads, potentially leading to credential exfiltration.","title":"OpenClaw Arbitrary File Read and Credential Exfiltration 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-file-read/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["i18next-fs-backend"],"_cs_severities":["high"],"_cs_tags":["path-traversal","i18next","arbitrary-file-read","arbitrary-file-write","code-execution"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003eThe i18next-fs-backend library, a file system backend for the i18next internationalization framework, is vulnerable to a path traversal attack in versions prior to 2.6.4. This vulnerability arises from the unsanitized use of the \u003ccode\u003elng\u003c/code\u003e (language) and \u003ccode\u003ens\u003c/code\u003e (namespace) parameters when constructing file paths for loading and writing locale files. If an application exposes the language code to user input, an attacker can craft a malicious \u003ccode\u003elng\u003c/code\u003e or \u003ccode\u003ens\u003c/code\u003e value containing directory traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e) to escape the intended locale directory. Successful exploitation can lead to arbitrary file read, arbitrary file overwrite, and, if \u003ccode\u003e.js\u003c/code\u003e or \u003ccode\u003e.ts\u003c/code\u003e files are used for localization, arbitrary code execution. This vulnerability highlights the importance of input validation, especially when constructing file paths from user-controlled data. 
The vulnerability was patched in version 2.6.4.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an application that uses a vulnerable version of \u003ccode\u003ei18next-fs-backend\u003c/code\u003e (versions prior to 2.6.4) and exposes the language code to user input via query parameters (e.g., \u003ccode\u003e?lng=\u003c/code\u003e), cookies, or request headers.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003elng\u003c/code\u003e value containing directory traversal sequences, such as \u003ccode\u003e../../../../etc\u003c/code\u003e, to target sensitive files outside the intended locale directory.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a request to the application with the crafted \u003ccode\u003elng\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application passes the unsanitized \u003ccode\u003elng\u003c/code\u003e value to the \u003ccode\u003ei18next.t()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ei18next-fs-backend\u003c/code\u003e library interpolates the malicious \u003ccode\u003elng\u003c/code\u003e value into the \u003ccode\u003eloadPath\u003c/code\u003e configuration option, without proper validation. For example, \u003ccode\u003eloadPath: '/locales/{{lng}}/{{ns}}.json'\u003c/code\u003e becomes \u003ccode\u003e/locales/../../../../etc/{{ns}}.json\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe backend attempts to read the file specified by the crafted path (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf successful, the contents of the targeted file are returned as a translation resource, potentially exposing sensitive information. 
If the attacker crafted the \u003ccode\u003elng\u003c/code\u003e or \u003ccode\u003ens\u003c/code\u003e value to point to a \u003ccode\u003e.js\u003c/code\u003e or \u003ccode\u003e.ts\u003c/code\u003e file containing malicious code, the backend will execute the file using \u003ccode\u003eeval()\u003c/code\u003e, leading to arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eAlternatively, if the application attempts to write a missing translation key using the crafted path (via \u003ccode\u003eaddPath\u003c/code\u003e), the attacker could overwrite arbitrary files on the system, potentially leading to application compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can have severe consequences. Arbitrary file read allows attackers to access sensitive data, such as configuration files, database credentials, or application source code. Arbitrary file overwrite can lead to application malfunction or complete compromise. If the application uses \u003ccode\u003e.js\u003c/code\u003e or \u003ccode\u003e.ts\u003c/code\u003e files for localization and the attacker is able to inject malicious code into those files through path traversal, arbitrary code execution can result, potentially allowing the attacker to gain full control of the server. 
The number of victims depends on the popularity and configuration of applications using the vulnerable \u003ccode\u003ei18next-fs-backend\u003c/code\u003e library.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003ei18next-fs-backend\u003c/code\u003e version 2.6.4 or later to patch the path traversal vulnerability as this version introduces the \u003ccode\u003eisSafePathSegment\u003c/code\u003e and \u003ccode\u003einterpolatePath\u003c/code\u003e functions to sanitize the path.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, sanitize the \u003ccode\u003elng\u003c/code\u003e and \u003ccode\u003ens\u003c/code\u003e values at the application boundary before passing them to \u003ccode\u003ei18next\u003c/code\u003e. Reject values containing \u003ccode\u003e..\u003c/code\u003e, \u003ccode\u003e/\u003c/code\u003e, \u003ccode\u003e\\\u003c/code\u003e, control characters, and limit the length to prevent path traversal as mentioned in the advisory.\u003c/li\u003e\n\u003cli\u003eIf using \u003ccode\u003e.js\u003c/code\u003e or \u003ccode\u003e.ts\u003c/code\u003e locale files, carefully review them for any suspicious or unexpected code. The advisory highlights that these files must be treated as trusted code.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing directory traversal sequences in the \u003ccode\u003elng\u003c/code\u003e or \u003ccode\u003ens\u003c/code\u003e parameters. 
Deploy the first Sigma rule for this purpose.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-25T12:00:00Z","date_published":"2024-01-25T12:00:00Z","id":"/briefs/2024-01-25-i18next-fs-backend-path-traversal/","summary":"i18next-fs-backend versions before 2.6.4 are vulnerable to path traversal due to insufficient sanitization of the lng and ns values, potentially allowing attackers to read arbitrary files, overwrite files, or execute code if .js or .ts locale files are in use.","title":"i18next-fs-backend Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-25-i18next-fs-backend-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Arbitrary-File-Read","version":"https://jsonfeed.org/version/1.1"}