7 matches found
OpenClaw Information Disclosure Vulnerability (CNVD-2026-13370)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability. The vulnerability stems from the fact that skills.status may return raw parsed configuration values for the skills.config path via configChecks, which can be...
CVE-2026-26326
CVE-2026-26326 affects the OpenClaw OpenClaw AI assistant. Before version 2026.2.14, the function skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for requires.config paths. The fix in 2026.2.14 stops including raw resolved conf...
CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...
CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...
Insufficiently Protected Credentials
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the skills.status function. An attacker can access sensitive configuration secrets by invoking this function with read-level privileges, which...
OpenClaw skills.status could leak secrets to operator.read clients
Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...
GHSA-8MH7-PHF8-XGFM OpenClaw skills.status could leak secrets to operator.read clients
Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...