CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers holding only the operator.read scope to read credentials embedded in channel baseUrl and httpUrl fields. Gateway snapshots returned by the config.get and channels.status endpoints include these URLs with their userinfo component (the user:password@ part) intact, so the embedded authentication material is disclosed to any caller with that scope.
Analysis
Credential exposure in OpenClaw gateway snapshots enables authenticated attackers with operator.read scope to extract embedded authentication tokens from channel configuration URLs. Attackers query config.get and channels.status API endpoints to retrieve gateway snapshots containing credentials in URL userinfo components of baseUrl and httpUrl fields. …
Remediation
Within 24 hours: inventory all OpenClaw deployments and identify instances running versions prior to 2026.3.22. Within 7 days: apply the vendor patch to upgrade all affected OpenClaw instances to version 2026.3.22 or later, and rotate all authentication credentials embedded in baseUrl and httpUrl configuration fields, since any operator.read holder may already have read them. …
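Added example, not OpenClaw's own code, covering both the defect described above and the credential-rotation step of the remediation: a sanitizer that walks a snapshot-like structure, strips the userinfo component from every baseUrl and httpUrl value before the snapshot is handed to a caller, and reports the paths where embedded credentials were found so they can be rotated. The nested snapshot layout, the channels list and the sample values are assumptions; only the two field names come from the advisory.

```python
from typing import Any
from urllib.parse import urlsplit, urlunsplit

# Field names the advisory cites; the surrounding snapshot layout is an assumption.
URL_FIELDS = {"baseUrl", "httpUrl"}

def redact_userinfo(url: str) -> tuple[str, bool]:
    """Strip user:password@ from a URL; return (clean_url, had_userinfo)."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url, False
    host = parts.netloc.rsplit("@", 1)[1]  # keep host[:port], drop userinfo
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment)), True

def scrub_snapshot(obj: Any, path: str = "$") -> tuple[Any, list[str]]:
    """Redacted copy of a nested snapshot plus the paths where credentials were found.
    Apply on the gateway side before any snapshot leaves the process; the returned
    paths double as the rotation inventory the remediation calls for."""
    findings: list[str] = []
    if isinstance(obj, dict):
        out: dict = {}
        for key, val in obj.items():
            if key in URL_FIELDS and isinstance(val, str):
                out[key], hit = redact_userinfo(val)
                if hit:
                    findings.append(f"{path}.{key}")
            else:
                out[key], sub = scrub_snapshot(val, f"{path}.{key}")
                findings.extend(sub)
        return out, findings
    if isinstance(obj, list):
        items = []
        for i, val in enumerate(obj):
            item, sub = scrub_snapshot(val, f"{path}[{i}]")
            items.append(item)
            findings.extend(sub)
        return items, findings
    return obj, findings  # scalars pass through untouched

# Constructed sample snapshot; not real OpenClaw data.
SAMPLE = {"channels": [
    {"name": "chat", "baseUrl": "https://bot:s3cret@chat.example.test/api",
     "httpUrl": "https://chat.example.test/hook"},
    {"name": "ops", "httpUrl": "https://svc:pw@ops.example.test/x?y=1"},
]}

if __name__ == "__main__":
    clean, hits = scrub_snapshot(SAMPLE)
    print("credentials found at:", hits)  # ['$.channels[0].baseUrl', '$.channels[1].httpUrl']
    print(clean)
```

The original structure is left untouched, so the same walk can be run read-only against a stored config to build the list of credentials that need rotating.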
EUVD-2026-21141