PT-2026-56484 · Openclaw · Openclaw

Harish Kolla

·

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-59261

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries.

Fix

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59261

Affected Products

Openclaw