PT-2026-28496 · Openclaw · Openclaw

Hsongkai11 · Published 2026-03-16 · Updated 2026-03-29 · CVE-2026-33572

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.2.17

Description

OpenClaw creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. An attacker with local access can read these transcript files and extract sensitive information, including secrets from tool output.

Recommendations

Update OpenClaw to version 2026.2.17 or later.

Fix

Incorrect Default Permissions

Incorrect Permission

Weakness Enumeration

Related identifiers

CVE-2026-33572
GHSA-9Q8J-CHC7-WPGP
GHSA-VR7J-G7JV-H5MP

Affected products

Openclaw