AI Threat Alert AI Threat Alert

GHSA-cqmh-pcgr-q42f

GHSA-cqmh-pcgr-q42f MEDIUM
Published May 6, 2026

## Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional `0755` mode. ## Affected versions Versions 1.3.2 and below. ## Impact...

Full CISO analysis pending enrichment.

Affected Systems

Package Ecosystem Vulnerable Range Patched
@axonflow/openclaw npm < 2.0.0 2.0.0
4 dependents 93% patched ~0d to patch Full package profile →

Do you use @axonflow/openclaw? You're affected.

Severity & Risk

CVSS 3.1
5.5 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Attack Surface

AV AC PR UI S C I A
AV Local
AC Low
PR Low
UI None
S Unchanged
C High
I None
A None

Recommended Action

Patch available

Update @axonflow/openclaw to version 2.0.0

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is GHSA-cqmh-pcgr-q42f?

@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Is GHSA-cqmh-pcgr-q42f actively exploited?

No confirmed active exploitation of GHSA-cqmh-pcgr-q42f has been reported, but organizations should still patch proactively.

How to fix GHSA-cqmh-pcgr-q42f?

Update to patched version: @axonflow/openclaw 2.0.0.

What is the CVSS score for GHSA-cqmh-pcgr-q42f?

GHSA-cqmh-pcgr-q42f has a CVSS v3.1 base score of 5.5 (MEDIUM).

Technical Details

NVD Description

## Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional `0755` mode. ## Affected versions Versions 1.3.2 and below. ## Impact 1. **Cache and config directory mode.** The plugin's directories under `~/.config/axonflow/` and `~/.cache/axonflow/` were created with the umask-derived default mode (often `0755`) on first use and not subsequently re-validated. On systems where `~/.config/` is itself `0755`, the plugin's registration record (including a hashed credential and `instance_id`) was traversable by other local users. 2. **Credential file mode at load time.** The plugin loaded its `try-registration.json` credential file without validating that the file mode was `0600`. A registration file written by a misconfigured tool, copied across systems, or restored from backup could end up world-readable, and the plugin would silently use it. The fix restores `0700` on all plugin directories on every plugin invocation (not only first creation) and refuses to load credential files with non-`0600` modes. ## Remediation Upgrade to the patched plugin version listed under Vulnerabilities. On startup the plugin will repair existing directory modes; existing credential files with overly permissive modes will be refused, requiring the user to re-register or `chmod 0600` the file. ## Credit Identified by AxonFlow internal security review.

Weaknesses (CWE)

CWE-552 Files or Directories Accessible to External Parties Primary CWE-732 Incorrect Permission Assignment for Critical Resource Primary

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Timeline

Published
May 6, 2026
Last Modified
May 6, 2026
First Seen
May 7, 2026

Related Vulnerabilities

CRITICAL CVE-2026-30741 9.8

OpenClaw: RCE via request-side prompt injection

Same package: openclaw
CRITICAL CVE-2026-28451 9.3

OpenClaw: SSRF via Feishu extension exposes internal services

Same package: openclaw
HIGH GHSA-cwj3-vqpp-pmxr 8.8

Analysis pending

Same package: openclaw
HIGH GHSA-m3mh-3mpg-37hw 8.6

OpenClaw: .npmrc hijack enables RCE on plugin install

Same package: openclaw
HIGH CVE-2026-27001 7.8

OpenClaw: prompt injection via unsanitized workspace path

Same package: openclaw
Back to Threat Feed