PT-2026-35618 · Npm · Openclaw
Published 2026-04-17 · Updated 2026-04-17
CVSS v4.0: 5.3 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Summary
The QMD backend `memory get` read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or the indexed QMD result set.

Impact
When the QMD backend was enabled, a caller with access to `memory get` could read arbitrary *.md files under the configured workspace root, even when those files were not canonical memory files and had not been returned by QMD search. Severity remains low because exploitation requires access to the memory tool surface and is limited to workspace Markdown files, but it bypassed the intended memory-path policy.

Affected versions
- Affected: < 2026.4.15
- Patched: 2026.4.15

Fix
OpenClaw 2026.4.15 restricts QMD reads to canonical memory paths or previously indexed QMD workspace paths. Workspace containment alone is no longer sufficient.

Verified in v2026.4.15:
- extensions/memory-core/src/memory/qmd-manager.ts rejects non-default workspace Markdown paths unless they match an indexed QMD workspace read path.
- extensions/memory-core/src/memory/qmd-manager.test.ts covers QMD session search-result reads and the read-path restriction behavior.

Fix commit included in v2026.4.15 and absent from v2026.4.14: 37d5971db36491d5050efd42c333cbe0b98ed292 via PR #66026
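The advisory's point is that "inside the workspace" is a weaker predicate than "a path the memory layer is allowed to serve". The following example, added here and not taken from OpenClaw's `qmd-manager.ts`, models the two read-path policies side by side: a containment-only check (the pre-fix behaviour) and a restricted check that additionally requires the target to be a canonical memory file or a path already returned by QMD indexing (the post-fix rule). The `MemoryReadPolicy` type, the function names and the `/ws` sample workspace are assumptions made for the illustration.

```typescript
import * as path from "node:path";

// Hypothetical policy model (assumption; not OpenClaw's own types).
interface MemoryReadPolicy {
  workspaceRoot: string;            // configured workspace root, absolute
  canonicalMemoryFiles: string[];   // canonical memory files, relative to the root
  indexedQmdPaths: Set<string>;     // absolute paths QMD search has already returned
}

// Resolve a requested path against the root and confirm it stays inside it.
// Returns the absolute path, or null when it escapes the workspace (or is the root itself).
function resolveInsideWorkspace(root: string, requested: string): string | null {
  const abs = path.posix.resolve(root, requested);
  const rel = path.posix.relative(root, abs);
  if (rel === "" || rel.startsWith("..") || path.posix.isAbsolute(rel)) {
    return null;
  }
  return abs;
}

// Pre-fix behaviour: any Markdown file inside the workspace is readable.
// Workspace containment is the only check, which the advisory says is insufficient.
function isReadableContainmentOnly(policy: MemoryReadPolicy, requested: string): boolean {
  const abs = resolveInsideWorkspace(policy.workspaceRoot, requested);
  return abs !== null && abs.endsWith(".md");
}

// Post-fix behaviour: containment plus "canonical memory file or indexed QMD path".
function isReadableRestricted(policy: MemoryReadPolicy, requested: string): boolean {
  const abs = resolveInsideWorkspace(policy.workspaceRoot, requested);
  if (abs === null || !abs.endsWith(".md")) return false;
  const isCanonical = policy.canonicalMemoryFiles.some(
    (rel) => path.posix.resolve(policy.workspaceRoot, rel) === abs,
  );
  return isCanonical || policy.indexedQmdPaths.has(abs);
}

// Evaluate both checks for each request: [containmentOnly, restricted].
function compareChecks(
  policy: MemoryReadPolicy,
  requests: string[],
): Record<string, [boolean, boolean]> {
  const out: Record<string, [boolean, boolean]> = {};
  for (const r of requests) {
    out[r] = [isReadableContainmentOnly(policy, r), isReadableRestricted(policy, r)];
  }
  return out;
}

// Constructed sample policy and requests for demonstration only.
const samplePolicy: MemoryReadPolicy = {
  workspaceRoot: "/ws",
  canonicalMemoryFiles: ["MEMORY.md", "memory/2026-04-17.md"],
  indexedQmdPaths: new Set(["/ws/docs/design.md"]),
};
const sampleRequests = [
  "MEMORY.md",                   // canonical: allowed by both
  "docs/design.md",              // indexed by QMD: allowed by both
  "notes/private.md",            // in workspace, not canonical, not indexed: only the weak check allows it
  "memory/../notes/private.md",  // normalises to the same non-canonical file
  "../outside.md",               // escapes the workspace: rejected by both
];

console.table(compareChecks(samplePolicy, sampleRequests));
```

The row for `notes/private.md` is the bug class the advisory describes: containment says yes, the restricted policy says no. A unit test mirroring `qmd-manager.test.ts` would assert exactly that divergence, plus that traversal outside the root fails under both policies.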
Thanks to @zsxsoft, Keen Security Lab, and @qclawer for reporting this issue.
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Openclaw