Vulnerability Description
OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths to read files outside canonical memory locations or indexed QMD result sets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.4.15 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/37d5971db36491d5050efd42c333cbe0b98ePatch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47MitigationVendor Advisory
- https://www.vulncheck.com/advisories/openclaw-arbitrary-markdown-file-read-via-qThird Party Advisory
FAQ
What is CVE-2026-44111?
CVE-2026-44111 is a vulnerability with a CVSS score of 4.3 (MEDIUM). OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with ...
How severe is CVE-2026-44111?
CVE-2026-44111 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-44111?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.