PT-2026-37014 · Openclaw · Openclaw
Keensecuritylab
Published: 2026-04-17
Updated: 2026-05-05
CVE-2026-43528
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Vulnerable software and affected versions: OpenClaw versions prior to 2026.4.14
Description: A redaction bypass allows authenticated gateway clients with config read access to receive unredacted secrets. The bypass occurs through the sourceConfig and runtimeConfig alias fields, which may fail to redact sensitive information. An attacker can exploit this to obtain provider API keys, gateway authentication material, and channel credentials.
Recommendations: Update to version 2026.4.14 or newer.
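The weakness class behind this advisory, illustrated with added example code that is not OpenClaw's own: a hypothetical gateway config response carries the canonical config field plus the sourceConfig and runtimeConfig aliases, and a redactor that only covers the canonical field leaks through the aliases. The field names, secret-key pattern and sample values are constructed assumptions; the hardened variant redacts the whole payload at the serialization boundary instead of enumerating fields.

```javascript
// Keys that look like credentials (assumed pattern, not OpenClaw's).
const SECRET_KEY_PATTERN = /(apiKey|token|secret|password|credential)/i;

// Recursively replace the value of any secret-looking key in an object tree.
function redactTree(node) {
  if (Array.isArray(node)) return node.map(redactTree);
  if (node && typeof node === "object") {
    const out = {};
    for (const [k, v] of Object.entries(node)) {
      out[k] = SECRET_KEY_PATTERN.test(k) ? "[REDACTED]" : redactTree(v);
    }
    return out;
  }
  return node;
}

// Weak pattern: only the canonical "config" field is redacted, so alias
// fields that carry the same data reach the client untouched.
function redactResponseWeak(resp) {
  return { ...resp, config: redactTree(resp.config) };
}

// Hardened: redact the entire outgoing payload, so no alias or future
// field can bypass redaction by name.
function redactResponseHardened(resp) {
  return redactTree(resp);
}

// Defensive check usable in a test or response hook: does any
// secret-looking key anywhere in the payload still hold a raw value?
function leaksSecrets(obj) {
  if (Array.isArray(obj)) return obj.some(leaksSecrets);
  if (obj && typeof obj === "object") {
    return Object.entries(obj).some(([k, v]) =>
      SECRET_KEY_PATTERN.test(k) ? v !== "[REDACTED]" : leaksSecrets(v));
  }
  return false;
}

// Constructed sample response; all values are placeholders.
const sampleResponse = {
  config: { providers: { openai: { apiKey: "sk-constructed-1234" } } },
  sourceConfig: {
    providers: { openai: { apiKey: "sk-constructed-1234" } },
    gateway: { authToken: "gw-constructed" },
  },
  runtimeConfig: { channels: { slack: { botToken: "xoxb-constructed" } } },
};
```

Running leaksSecrets over the weakly redacted response reports the alias leak, while the hardened response passes.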

Related Identifiers

CVE-2026-43528
GHSA-8372-7VHW-CM6Q

Affected Products

Openclaw