6 matches found
EUVD-2026-36613
OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the memory-wiki ingest process when an authenticated user with operator.write scope specifies arbitrary local file paths. An attacker can access sensitive local...
CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope
OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...
CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope
OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...
CVE-2026-53825
OpenClaw prior to 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature. Authenticated Gateway operators with operator.write scope can specify arbitrary local file paths to import content into wiki memory, bypassing access restrictions and reading local files ou...
PT-2026-49029
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.7 Description The memory-wiki ingest feature allows authenticated Gateway operators with operator.write scope to read local files outside of the intended ingest sources. By specifying arbitrary local file path...