GHSA-f934-5rqf-xx47

Source
https://github.com/advisories/GHSA-f934-5rqf-xx47
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-f934-5rqf-xx47/GHSA-f934-5rqf-xx47.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-f934-5rqf-xx47
Published
2026-04-17T22:33:33Z
Modified
2026-04-17T22:48:46.231298Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths
Details

Summary

The QMD backend memory_get read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set.

Impact

When the QMD backend was enabled, a caller with access to memory_get could read any *.md file under the configured workspace root, including files that were neither canonical memory files nor results returned by QMD search. Practical impact is limited because exploitation requires access to the memory tool surface and the read is confined to Markdown files under the workspace root (the advisory carries a CVSS 4.0 score of 5.3, Medium), but it bypassed the intended memory-path policy: a path that merely resolved inside the workspace was treated as readable.

Affected versions

  • Affected: < 2026.4.15
  • Patched: 2026.4.15

Fix

OpenClaw 2026.4.15 restricts QMD reads to canonical memory paths or previously indexed QMD workspace paths. Workspace containment alone is no longer sufficient.

Verified in v2026.4.15:

  • extensions/memory-core/src/memory/qmd-manager.ts rejects non-default workspace Markdown paths unless they match an indexed QMD workspace read path.
  • extensions/memory-core/src/memory/qmd-manager.test.ts covers QMD session search-result reads and the read-path restriction behavior.

Fix commit included in v2026.4.15 and absent from v2026.4.14:

  • 37d5971db36491d5050efd42c333cbe0b98ed292 via PR #66026
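The following TypeScript is an added illustration of the policy change described in the Impact and Fix sections above, not code from OpenClaw's extensions/memory-core/src/memory/qmd-manager.ts. It places the pre-fix check (workspace containment plus a .md suffix) beside the hardened check (containment and either a canonical memory path or a path previously returned by QMD search). The workspace root, the canonical layout (MEMORY.md plus memory/**/*.md), the indexed-path set and the sample requests are all constructed assumptions for the example.

```typescript
import * as path from "node:path";

// Added illustration; NOT OpenClaw's qmd-manager.ts. Workspace root, canonical
// layout and indexed-path set below are constructed assumptions.

export interface ReadPolicy {
  /** Absolute workspace root (assumed POSIX path). */
  workspaceRoot: string;
  /** Absolute paths that a prior QMD search returned (assumed). */
  indexedPaths: ReadonlySet<string>;
}

/**
 * Resolve `requested` against the workspace root and return the absolute path
 * only if it stays inside the root. Rejects `..` escapes and absolute paths.
 * The comparison is on the normalized string, so it does not see through
 * symlinks; a production check would also realpath() both sides.
 */
export function resolveInsideWorkspace(root: string, requested: string): string | null {
  const resolved = path.posix.resolve(root, requested);
  const rel = path.posix.relative(root, resolved);
  if (rel === "" || rel === ".." || rel.startsWith("../") || path.posix.isAbsolute(rel)) {
    return null;
  }
  return resolved;
}

/** Assumed canonical layout: <root>/MEMORY.md or anything under <root>/memory/. */
export function isCanonicalMemoryPath(root: string, resolved: string): boolean {
  if (resolved === path.posix.join(root, "MEMORY.md")) return true;
  const memoryDir = path.posix.join(root, "memory") + "/";
  return resolved.startsWith(memoryDir);
}

/** Pre-fix behaviour: any *.md file that resolves inside the workspace is readable. */
export function allowReadContainmentOnly(policy: ReadPolicy, requested: string): boolean {
  const resolved = resolveInsideWorkspace(policy.workspaceRoot, requested);
  return resolved !== null && resolved.endsWith(".md");
}

/** Post-fix behaviour: contained AND (canonical OR previously indexed by QMD). */
export function allowReadHardened(policy: ReadPolicy, requested: string): boolean {
  const resolved = resolveInsideWorkspace(policy.workspaceRoot, requested);
  if (resolved === null || !resolved.endsWith(".md")) return false;
  return (
    isCanonicalMemoryPath(policy.workspaceRoot, resolved) ||
    policy.indexedPaths.has(resolved)
  );
}

// Constructed sample policy and requests (not real paths from any deployment).
export const samplePolicy: ReadPolicy = {
  workspaceRoot: "/srv/agent/workspace",
  indexedPaths: new Set(["/srv/agent/workspace/notes/2026-04-01.md"]),
};

export const sampleRequests: string[] = [
  "MEMORY.md",                 // canonical file
  "memory/2026/april.md",      // canonical directory
  "notes/2026-04-01.md",       // returned by an earlier QMD search
  "docs/design.md",            // in workspace, never indexed: the bypass
  "notes/../docs/design.md",   // same file reached via a normalized `..`
  "../secrets/keys.md",        // escapes the workspace root
  "/etc/passwd.md",            // absolute path outside the root
  "docs/readme.txt",           // not Markdown
];

/** For each request, return [pre-fix decision, post-fix decision]. */
export function compareDecisions(
  policy: ReadPolicy,
  requests: string[],
): Record<string, [boolean, boolean]> {
  const out: Record<string, [boolean, boolean]> = {};
  for (const r of requests) {
    out[r] = [allowReadContainmentOnly(policy, r), allowReadHardened(policy, r)];
  }
  return out;
}

for (const [req, [before, after]] of Object.entries(compareDecisions(samplePolicy, sampleRequests))) {
  console.log(`${req.padEnd(26)} before=${before} after=${after}`);
}
```

The two decisions differ only for docs/design.md and its `..`-normalized alias: both are inside the workspace and end in .md, so the containment-only check admits them, while the hardened check rejects them because they are neither canonical nor in the indexed set. Traversal and non-Markdown requests are refused by both variants, which is why this issue is a policy bypass rather than a workspace escape.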

Thanks to @zsxsoft, Keen Security Lab, and @qclawer for reporting this issue.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-17T22:33:33Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "nvd_published_at": null
}

Affected packages

npm / openclaw

  • Package: openclaw (npm)
  • Affected range type: SEMVER
  • Introduced: 0 (unknown introduced version; all previous versions are affected)
  • Fixed: 2026.4.15

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-f934-5rqf-xx47/GHSA-f934-5rqf-xx47.json"