Lucene search
K

7 matches found

CNVD
CNVD
added 2026/03/06 12:0 a.m.21 views

OpenClaw Information Disclosure Vulnerability (CNVD-2026-13370)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability. The vulnerability stems from the fact that skills.status may return raw parsed configuration values for the skills.config path via configChecks, which can be...

5.3CVSS5.8AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 10:55 p.m.26 views

CVE-2026-26326

CVE-2026-26326 affects the OpenClaw OpenClaw AI assistant. Before version 2026.2.14, the function skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for requires.config paths. The fix in 2026.2.14 stops including raw resolved conf...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/19 10:55 p.m.5 views

CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/19 10:55 p.m.21 views

CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...

5.3CVSS0.00303EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/17 9:43 p.m.4 views

Insufficiently Protected Credentials

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the skills.status function. An attacker can access sensitive configuration secrets by invoking this function with read-level privileges, which...

5.3CVSS5.7AI score0.00303EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/17 9:43 p.m.19 views

OpenClaw skills.status could leak secrets to operator.read clients

Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/17 9:43 p.m.4 views

GHSA-8MH7-PHF8-XGFM OpenClaw skills.status could leak secrets to operator.read clients

Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References6
Rows per page
Query Builder