Lucene search
K

7 matches found

EUVD
EUVD
added 2026/04/10 12:30 a.m.7 views

EUVD-2026-21141

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/04/09 10:16 p.m.13 views

CVE-2026-35644

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS0.00193EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.3 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References4
CVE
CVE
added 2026/04/09 9:27 p.m.24 views

CVE-2026-35644

OpenClaw before 2026.3.22 has an information disclosure vulnerability that allows attackers with operator.read scope to exfiltrate credentials embedded in channel baseUrl and httpUrl fields..adversaries can retrieve sensitive authentication information from gateway snapshots via config.get and ch...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.23 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS0.00193EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 9:15 p.m.6 views

GHSA-PPWQ-6V66-5M6J OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status

Summary Read-scoped gateway snapshots could expose credentials embedded in channel baseUrl and related endpoint fields. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2 630f1479c44f78484dfa21bb407cbe6f171dac87 - Latest...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 9:15 p.m.4 views

Insufficiently Protected Credentials

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the config.get and channels.status processes. An attacker can obtain sensitive credentials by accessing gateway snapshots that include unredacted...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References3
Rows per page
Query Builder