Skip to main content

Openclaw CVE-2026-33572

| EUVDEUVD-2026-17024 MEDIUM
Creation of Temporary File With Insecure Permissions (CWE-378)
2026-03-29 VulnCheck
6.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Mar 29, 2026 - 13:15 euvd
EUVD-2026-17024
Analysis Generated
Mar 29, 2026 - 13:15 vuln.today
Patch released
Mar 29, 2026 - 13:15 nvd
Patch available
CVE Published
Mar 29, 2026 - 12:44 nvd
MEDIUM 6.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.2.17.

DescriptionCVE.org

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.

AnalysisAI

OpenClaw before 2026.2.17 stores session transcript JSONL files with overly permissive default file permissions, enabling local authenticated users to read transcript contents and extract sensitive information including secrets from tool output. The vulnerability requires local access and authenticated status on the system, affecting confidentiality of cached session data. No public exploit code or active exploitation has been confirmed, though the attack surface is high given the local nature and ease of file access.

Technical ContextAI

OpenClaw uses JSONL (JSON Lines) format for session transcript storage, a standard text-based format for logging structured data. The underlying issue is a file permission misconfiguration (CWE-378: Insecure Default Permissions) where transcript files are created with permissions that allow unintended local users to read contents. This occurs during session creation or logging operations. The affected CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:* indicates all versions before 2026.2.17 are vulnerable. Session transcripts typically contain tool outputs, model responses, and potentially embedded credentials or secrets passed through the application, making their disclosure a significant information disclosure vector.

RemediationAI

Vendor-released patch: OpenClaw 2026.2.17 or later. Users should upgrade immediately to apply the fix, which addresses the file permission configuration issue. The upstream fix is available at https://github.com/openclaw/openclaw/commit/095d522099653367e1b76fa5bb09d4ddf7c8a57c. As an interim workaround for users unable to patch immediately, manually restrict access to session transcript directories using OS-level file permissions (e.g., chmod 700 on Linux/macOS, or restrictive ACLs on Windows) to prevent unauthorized local access. Review and secure any transcript files created prior to patching to ensure no sensitive data remains accessible.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-33572 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy