GHSA-qmwg-qprg-3j38: OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads

April 17, 2026

Browser interaction routes could pivot into local CDP and regain file reads.

References

github.com/advisories/GHSA-qmwg-qprg-3j38
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3
github.com/openclaw/openclaw/pull/63226
github.com/openclaw/openclaw/security/advisories/GHSA-qmwg-qprg-3j38

Code Behaviors & Features

Detect and mitigate GHSA-qmwg-qprg-3j38 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →