OpenClaw · OpenClaw · CVE-2026-33572
**Name of the Vulnerable Software and Affected Versions**
OpenClaw versions prior to 2026.2.17
**Description**
OpenClaw creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. An attacker with local access can read these transcript files and extract sensitive information, including secrets from tool output.
**Recommendations**
Update OpenClaw to version 2026.2.17 or later.
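
The failure mode in the description, shown as an added example for POSIX systems (this is not OpenClaw's code): a JSONL transcript written with default permissions next to one created with mode 0600, plus an audit that flags `.jsonl` files accessible to group or other. All function names, file names and the sample line are constructed for illustration; `audit()` takes whatever directory your installation stores transcripts in.

```python
import os
import stat
import tempfile

def write_default(path, line):
    # Weak pattern: mode is 0666 & ~umask, i.e. 0644 under the common umask 022.
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(line + "\n")

def write_private(path, line):
    # Hardened pattern: ask for 0600 at creation so the file is never readable by others.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tightens a file that already existed
        fh.write(line + "\n")

def audit(root):
    """Return {path: mode} for regular .jsonl files that group or other can access."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks
            mode = stat.S_IMODE(st.st_mode)
            if (name.endswith(".jsonl") and stat.S_ISREG(st.st_mode)
                    and mode & (stat.S_IRWXG | stat.S_IRWXO)):
                findings[full] = mode
    return findings

def remediate(root):
    flagged = sorted(audit(root))
    for path in flagged:
        os.chmod(path, 0o600)  # owner read/write only
    return flagged

def demo():
    old = os.umask(0o022)  # pin the umask so the result is reproducible
    try:
        with tempfile.TemporaryDirectory() as root:
            line = '{"role": "tool", "content": "API_KEY=constructed-example"}'  # constructed
            write_default(os.path.join(root, "weak.jsonl"), line)
            write_private(os.path.join(root, "safe.jsonl"), line)
            before = {os.path.basename(p): oct(m) for p, m in audit(root).items()}
            remediate(root)
            return before, audit(root)
    finally:
        os.umask(old)

if __name__ == "__main__":
    print(demo())
```

Running `audit()` over the transcript directory after updating shows whether files written by an earlier version still carry group or other access bits.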