What is GHSA-f76w-jcqf-mh5g?

GHSA-f76w-jcqf-mh5g is a security advisory published by GitHub Security Advisories with High severity. OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest...

Which CVE IDs does GHSA-f76w-jcqf-mh5g cover?

GHSA-f76w-jcqf-mh5g covers the following CVE IDs: CVE-2026-53825. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-f76w-jcqf-mh5g?

GHSA-f76w-jcqf-mh5g has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-f76w-jcqf-mh5gHighCVSS 6.5

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest...

Vendor

GitHub Security Advisories

Published

June 13, 2026

Last Modified

June 13, 2026

🔗 CVE IDs covered (1)

CVE-2026-53825 →

📋 Description

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file paths to import file content into wiki memory, bypassing access restrictions.

🔗 References (4)

https://github.com/openclaw/openclaw/security/advisories/GHSA-p2fh-f5fc-44hr
https://nvd.nist.gov/vuln/detail/CVE-2026-53825
https://www.vulncheck.com/advisories/openclaw-arbitrary-local-file-read-via-memory-wiki-ingest-with-operator-write-scope
https://github.com/advisories/GHSA-f76w-jcqf-mh5g