Incorrect permission assignment for critical resource in OpenClaw - #VU132720

 


Published: May 29, 2026


Vulnerability identifier: #VU132720
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software: OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to incorrect permission assignment for a critical resource in the memory-wiki ingest feature when handling plugin tool requests that specify local file paths. A remote user can supply an arbitrary local file path to disclose sensitive information.

Only the named feature and configuration are affected, and exploitation requires the feature to be enabled and reachable through the Gateway plugin tool with operator.write access.


Remediation

Install the security update from the vendor's website.
