GHSA-cqmh-pcgr-q42f: @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

May 6, 2026

Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user’s home directory was at the conventional 0755 mode.

References

github.com/advisories/GHSA-cqmh-pcgr-q42f
github.com/getaxonflow/axonflow-openclaw-plugin
github.com/getaxonflow/axonflow-openclaw-plugin/security/advisories/GHSA-cqmh-pcgr-q42f

Code Behaviors & Features

Detect and mitigate GHSA-cqmh-pcgr-q42f with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →