CVE-2026-32982

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to logs and error surfaces.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2026-32982

Affected Products

Openclaw

CVE-2026-32982

Weakness Enumeration

Related Identifiers

Affected Products

References · 4