OpenClaw CVE-2026-43528
EUVD-2026-27267 | HIGH
Improper Removal of Sensitive Information Before Storage or Transfer (CWE-212)
2026-05-05 | VulnCheck | GHSA-8372-7vhw-cm6q
CVSS 4.0 base score: 7.1

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline (6 events, newest first)

May 05, 2026 - 12:51 (vuln.today): Analysis Updated, v2 (cvss_changed)
May 05, 2026 - 12:37 (vuln.today): Re-analysis Queued, cvss_changed
May 05, 2026 - 12:37 (NVD): Severity Changed, MEDIUM -> HIGH
May 05, 2026 - 12:37 (NVD): CVSS changed, 6.5 (MEDIUM) -> 7.1 (HIGH)
May 05, 2026 - 12:21 (vuln.today): Source Code Evidence Fetched
May 05, 2026 - 12:21 (vuln.today): Analysis Generated

Description (NVD)

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication material, and channel credentials that should have been redacted.

Analysis (AI-generated)

Authenticated configuration readers in OpenClaw gateway deployments can extract unredacted sensitive credentials through alias field bypass in versions prior to 2026.4.14. Attackers with legitimate config read permissions exploit sourceConfig and runtimeConfig alias fields to obtain provider API keys, gateway authentication tokens, and channel credentials that the redaction mechanism fails to sanitize. …
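The description and analysis above both describe the same CWE-212 failure mode: a redactor that scrubs secrets at their canonical configuration keys but returns the same values unredacted through alias fields (sourceConfig, runtimeConfig). The following is an added, hypothetical illustration of that bug class and of the check a defender would run on a gateway's config response; it is not OpenClaw's code, and the config layout, field names and function names are assumptions made for the example.

```python
"""Illustration of a CWE-212 redaction gap of the kind described for
CVE-2026-43528: a key-name-based redactor leaves copies of the same
secret values readable under alias fields.  Added example, not
OpenClaw's code; config shape and names are assumptions."""
import copy
import json

REDACTED = "***REDACTED***"

# Key names the (flawed) redactor knows about.  Constructed for this example.
SENSITIVE_KEYS = {"apiKey", "token", "password", "secret"}

# Constructed sample config: each secret is reachable under a canonical key
# and again under alias/resolved fields with different key names.
SAMPLE_CONFIG = {
    "providers": {"openai": {"apiKey": "sk-example-0000"}},
    "gateway": {"auth": {"token": "gw-example-token"}},
    # alias form: flattened path -> value
    "sourceConfig": {"providers.openai.apiKey": "sk-example-0000"},
    # resolved runtime copy under unrelated key names
    "runtimeConfig": {"resolved": {"providerKey": "sk-example-0000",
                                   "gatewayToken": "gw-example-token"}},
}


def redact_by_key(cfg):
    """Flawed redactor: replaces values only where the key name itself is
    sensitive, so alias fields with other key names keep the raw value."""
    def walk(node):
        if isinstance(node, dict):
            return {k: (REDACTED if k in SENSITIVE_KEYS else walk(v))
                    for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        return node
    return walk(copy.deepcopy(cfg))


def collect_secret_values(cfg):
    """Gather the raw secret strings found at canonical sensitive keys."""
    found = set()

    def walk(node):
        if isinstance(node, dict):
            for k, v in node.items():
                if k in SENSITIVE_KEYS and isinstance(v, str) and v:
                    found.add(v)
                else:
                    walk(v)
        elif isinstance(node, list):
            for v in node:
                walk(v)
    walk(cfg)
    return found


def redact_by_value(cfg):
    """Hardened redactor: learn the secret values from canonical keys, then
    scrub every string anywhere in the tree that contains one of them, so
    aliases and resolved copies are redacted regardless of key name."""
    secrets = collect_secret_values(cfg)

    def scrub(node):
        if isinstance(node, dict):
            return {k: (REDACTED if k in SENSITIVE_KEYS else scrub(v))
                    for k, v in node.items()}
        if isinstance(node, list):
            return [scrub(v) for v in node]
        if isinstance(node, str):
            for s in secrets:
                if s in node:
                    node = node.replace(s, REDACTED)
        return node
    return scrub(copy.deepcopy(cfg))


def leaks(redacted_cfg, original_cfg):
    """Defender's check on a config response: which raw secret values from
    the original still appear anywhere in the serialized redacted output?"""
    text = json.dumps(redacted_cfg)
    return sorted(s for s in collect_secret_values(original_cfg) if s in text)


if __name__ == "__main__":
    print("key-based redaction leaks:", leaks(redact_by_key(SAMPLE_CONFIG), SAMPLE_CONFIG))
    print("value-based redaction leaks:", leaks(redact_by_value(SAMPLE_CONFIG), SAMPLE_CONFIG))
```

The `leaks` check is the useful part for operators: rather than trusting that the redactor covered every field, serialize the response a config-read client actually receives and search it for the known secret values. That catches alias, flattened and resolved copies whatever their key names, which is exactly what a key-name-based redactor misses.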


Remediation (AI-generated)

Within 24 hours: Identify all OpenClaw deployments and document current version numbers and which internal users/service accounts possess config read permissions. Within 7 days: Upgrade all OpenClaw instances to version 2026.4.14 or later; apply principle of least privilege to restrict config read access to only essential roles. …



CVE-2026-43528 vulnerability details – vuln.today
