Memory dreaming config persistence was reachable from operator.write commands.
openclaw>= 2026.4.5 < 2026.4.10>= 2026.4.10A write-scoped gateway path could toggle persistent memory dreaming settings through /dreaming, crossing into an admin-class configuration mutation.
The fix requires admin scope for persistent dreaming gateway toggles.
The issue was fixed in #63872. The first stable tag containing the fix is v2026.4.10, and [email protected] includes the fix.
6af17b39e11f5f35e23b7e5a5f71a7d0aa3c7310Users should upgrade to openclaw 2026.4.10 or newer. The latest npm release, 2026.4.14, already includes the fix.
Thanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.
| Score | Percentile |
|---|---|
| 0.03% | 7.49% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 4.9 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-5gjc-grvm-m88j ↗ |
| CVE | CVE-2026-43568 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | >= 2026.4.5, < 2026.4.10 | 2026.4.10 | — |