4 matches found
CVE-2026-43528
OpenClaw, prior to version 2026.4.14, is affected by a redaction bypass vulnerability that lets authenticated gateway clients read unredacted secrets via the sourceConfig and runtimeConfig aliases. Attackers with config read access can obtain sensitive material such as provider API keys, gateway ...
CVE-2026-28459
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...
EUVD-2026-9907
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...
CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...