GHSA-f934-5rqf-xx47: OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths

April 17, 2026

The QMD backend memory_get read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set.

References

github.com/advisories/GHSA-f934-5rqf-xx47
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/37d5971db36491d5050efd42c333cbe0b98ed292
github.com/openclaw/openclaw/pull/66026
github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47

Code Behaviors & Features

Detect and mitigate GHSA-f934-5rqf-xx47 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →