GHSA-pmf3-2q63-jmp6: Duplicate Advisory: OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)

April 10, 2026 (updated April 18, 2026)

This advisory has been withdrawn.

References

github.com/advisories/GHSA-pmf3-2q63-jmp6
github.com/openclaw/openclaw/security/advisories/GHSA-7xr2-q9vf-x4r5
nvd.nist.gov/vuln/detail/CVE-2026-35632
www.vulncheck.com/advisories/openclaw-symlink-traversal-via-identity-md-appendfile-in-agents-create-update

Code Behaviors & Features

Detect and mitigate GHSA-pmf3-2q63-jmp6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →