GHSA-846p-hgpv-vphc: OpenClaw: QQ Bot structured payloads could read arbitrary local files
Severity: medium
Tags: vulnerability, security
Source: GitHub Advisory Database, April 7, 2026
Summary
OpenClaw versions 2026.4.1 and earlier have a vulnerability where QQ Bot structured payloads (specially formatted data sent through the bot) could read any file on the host by escaping the intended file directory boundaries, i.e. a path traversal. An attacker could craft a malicious payload to steal sensitive files that the OpenClaw process has access to.
Solution / Mitigation
Update OpenClaw to version 2026.4.2 or later. The fix restricts QQ Bot structured payload local paths (commit 2c45b06afdd6f7c621038b5419d8e661cff34a7f).
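The defensive check at the heart of such a fix is containment: any local path taken from an untrusted structured payload must resolve to a location strictly inside a designated base directory before it is opened. The following TypeScript is an added illustration written for this page; it is not OpenClaw's code and does not reproduce the referenced commit. The payload shape (`{ type, file }` segments), the `MEDIA_ROOT` directory and the function names are assumptions constructed for the example.

```typescript
import * as path from "node:path";

// Hypothetical directory the bot is allowed to read attachments from
// (constructed for this example; not OpenClaw's actual configuration).
export const MEDIA_ROOT = "/srv/openclaw/media";

// Minimal stand-in for a structured payload segment (assumed shape).
export interface PayloadSegment {
  type: string;
  file?: string;
}

/**
 * Resolve `candidate` against `baseDir` and return the absolute path only if
 * it stays inside `baseDir`; otherwise return null.
 */
export function resolveWithinBase(baseDir: string, candidate: string): string | null {
  // Embedded NUL bytes can truncate the path at the OS boundary; refuse them.
  if (candidate.includes("\0")) return null;
  // An absolute path would ignore the base entirely; refuse it outright.
  if (path.isAbsolute(candidate)) return null;

  const base = path.resolve(baseDir);
  const resolved = path.resolve(base, candidate); // normalises "." and ".."

  // The base directory itself is not a readable file.
  if (resolved === base) return null;
  // Compare with a trailing separator so "/srv/openclaw/media2" does not pass
  // as a child of "/srv/openclaw/media" (a plain prefix check would allow it).
  if (!resolved.startsWith(base + path.sep)) return null;
  return resolved;
}

/**
 * Walk the segments of a payload and return the local files that may be read,
 * plus the raw values that were rejected (useful for logging/alerting).
 */
export function filterPayloadPaths(
  segments: PayloadSegment[],
  baseDir: string = MEDIA_ROOT,
): { allowed: string[]; rejected: string[] } {
  const allowed: string[] = [];
  const rejected: string[] = [];
  for (const seg of segments) {
    if (typeof seg.file !== "string") continue; // segment carries no local path
    const safe = resolveWithinBase(baseDir, seg.file);
    if (safe === null) rejected.push(seg.file);
    else allowed.push(safe);
  }
  return { allowed, rejected };
}

// Constructed sample payload: one benign attachment, one traversal attempt,
// one absolute path.
export const SAMPLE_PAYLOAD: PayloadSegment[] = [
  { type: "image", file: "cat.png" },
  { type: "image", file: "../../../etc/passwd" },
  { type: "file", file: "/etc/shadow" },
];
```

The check is purely lexical, which keeps it deterministic and testable, but it does not follow symbolic links: a link inside `MEDIA_ROOT` pointing elsewhere would still pass. In production, resolve the final path with `fs.realpath` and re-run the containment comparison on the result, and treat every rejected value as a signal worth logging.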
Classification
Attack Sophistication: Moderate
Affected Vendors
Affected Packages
openclaw@<= 2026.4.1 (fixed: 2026.4.2)
Original source: https://github.com/advisories/GHSA-846p-hgpv-vphc
First tracked: April 7, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%