CVE Reports

Posted on • Originally published at cvereports.com

GHSA-f934-5rqf-xx47: Arbitrary Workspace File Read via Path Restriction Bypass in OpenClaw

Vulnerability ID: GHSA-F934-5RQF-XX47
CVSS Score: 4.3
Published: 2026-04-17

OpenClaw versions prior to 2026.4.14 contain an improper path limitation vulnerability (CWE-22) in the QMD memory management component. The memory_get tool allows authenticated actors to bypass the intended intra-workspace access controls and read arbitrary Markdown files stored anywhere within the application workspace, not only those under the memory/ directory.

TL;DR

A path restriction bypass in OpenClaw's QMD memory component allows authenticated attackers to read arbitrary Markdown files within the application workspace via the memory_get tool. The issue is patched in version 2026.4.14, which restricts memory_get reads to canonical memory paths or paths present in the memory index.

⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Class: Path Restriction Bypass (CWE-22)
  • CVSS v3.1: 4.3 Medium
  • Attack Vector: Network (Authenticated)
  • Impact: Workspace Information Disclosure
  • Exploit Status: PoC Available
  • Affected Component: QmdMemoryManager

Affected Systems

  • OpenClaw QMD Memory Manager
  • openclaw npm package
  • openclaw: < 2026.4.14 (Fixed in: 2026.4.14)

Code Analysis

Commit: 37d5971

Fix QMD memory_get restricting reads to canonical or indexed memory paths

Mitigation Strategies

  • Update the openclaw package to version 2026.4.14 or later
  • Isolate sensitive documentation and secrets from the OpenClaw workspace boundary
  • Implement application-level monitoring for anomalous memory_get tool invocations

Remediation Steps:

  1. Upgrade the openclaw dependency via npm to version 2026.4.14
  2. Audit all existing workspace directories to identify and remove sensitive data stored in Markdown format
  3. Verify that the application successfully rejects requests for files outside the memory/ directory
  4. Deploy SIEM alerting for any 'path required' errors originating from the QmdMemoryManager, which may indicate exploit attempts

Read the full report for GHSA-F934-5RQF-XX47 on our website for more details including interactive diagrams and full exploit analysis.
