← voltar
CVE-2026-33572

OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files

CVSS 6.8 MEDIUMEPSS 0.1%CWE-378
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/commit/095d522099653367e1b76fa5bb09d4ddf7c8a57chttps://github.com/openclaw/openclaw/security/advisories/GHSA-vr7j-g7jv-h5mphttps://www.vulncheck.com/advisories/openclaw-insufficient-file-permissions-in-session-transcript-files