Description
OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths to read files outside canonical memory locations or indexed QMD result sets.
Published: 2026-05-06
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the QMD backend memory_get function of OpenClaw versions prior to 2026.4.15. It permits reading any Markdown files located under the workspace root. This allows an attacker to recover potentially sensitive source code or configuration data that the application may contain. The weakness is classified as CWE-183, which reflects path traversal or relative path handling issues.

Affected Systems

OpenClaw OpenClaw is affected. All releases earlier than 2026.4.15 are vulnerable. This includes every prior minor or patch release of the 2026.4 series.

Risk and Exploitability

The CVSS score of 2.3 indicates low severity, and there is no EPSS or KEV listing for this flaw. Exploitation requires access to the memory tool, meaning the attacker must already have some level of privilege or ability to invoke privileged components. The attack vector can be inferred as a local or privileged remote execution that targets the memory_get API, bypassing path restrictions by specifying arbitrary Markdown paths. While the risk of publicly available exploits is currently low, the ability to read arbitrary files can assist in further attacks such as credential theft or privilege escalation if the read data is valuable.

Generated by OpenCVE AI on May 6, 2026 at 21:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.15 or later
  • Restrict access to the memory tool so that only authorized users can invoke the memory_get API
  • Validate and sanitize all file path inputs to memory_get, ensuring they remain within the workspace root

Generated by OpenCVE AI on May 6, 2026 at 21:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths to read files outside canonical memory locations or indexed QMD result sets.
Title OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-183
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-07T13:36:58.876Z

Reserved: 2026-05-05T11:30:46.259Z

Link: CVE-2026-44111

cve-icon Vulnrichment

Updated: 2026-05-07T13:36:52.602Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T20:16:34.907

Modified: 2026-05-06T21:20:52.707

Link: CVE-2026-44111

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T23:45:06Z

Weaknesses