MEDIUM 5.4 npm
Duplicate Advisory: Active Memory write scope could mutate global config
GHSA-58wc-8wrv-xp9j
Published · Modified
Description
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-x629-46cc-7xgw. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.
Ready to move
Start Securing
Free, no credit card | First findings in minutes