7 matches found
EUVD-2026-21141
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...
CVE-2026-35644
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...
CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...
CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...
CVE-2026-35644
OpenClaw before 2026.3.22 has an information disclosure vulnerability that allows attackers with operator.read scope to exfiltrate credentials embedded in channel baseUrl and httpUrl fields..adversaries can retrieve sensitive authentication information from gateway snapshots via config.get and ch...
Insufficiently Protected Credentials
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the config.get and channels.status processes. An attacker can obtain sensitive credentials by accessing gateway snapshots that include unredacted...
GHSA-PPWQ-6V66-5M6J OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Summary Read-scoped gateway snapshots could expose credentials embedded in channel baseUrl and related endpoint fields. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2 630f1479c44f78484dfa21bb407cbe6f171dac87 - Latest...