GHSA-66r7-m7xm-v49h: OpenClaw: QQBot media tags could read arbitrary local files through reply text
Summary
QQBot media tags in the openclaw package could read arbitrary local files through reply text by referencing host-local paths outside the intended media storage boundary, allowing attackers to disclose local files through outbound media handling. This vulnerability affected openclaw versions before 2026.4.10.
Solution / Mitigation
Upgrade to openclaw version 2026.4.10 or newer. The latest npm release, 2026.4.14, already includes the fix. The fix, implemented in PR #63271, enforces the media storage boundary for all outbound QQBot local file paths, so a reply-text media tag can no longer reference a host-local file outside the media storage directory.
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://github.com/advisories/GHSA-66r7-m7xm-v49h
First tracked: April 17, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%