8 matches found
EUVD-2026-17024
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output...
GHSA-9Q8J-CHC7-WPGP Duplicate Advisory: OpenClaw session transcript files were created without forced user-only permissions
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vr7j-g7jv-h5mp. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing loca...
Duplicate Advisory: OpenClaw session transcript files were created without forced user-only permissions
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vr7j-g7jv-h5mp. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing loca...
CVE-2026-33572
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output...
CVE-2026-33572 OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output...
CVE-2026-33572
OpenClaw is affected by CVE-2026-33572 prior to version 2026.2.17, where session transcript JSONL files are created with overly broad default permissions. This allows local attackers with access to read transcript contents and potentially extract sensitive information, including secrets from tool...
Incorrect Permission Assignment for Critical Resource
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the creation of session transcript files with overly broad default permissions. An attacker can access sensitive transcript...
GHSA-VR7J-G7JV-H5MP OpenClaw session transcript files were created without forced user-only permissions
openclaw created new session transcript JSONL files with overly broad default permissions in affected releases. On multi-user hosts, other local users or processes could read transcript contents, including secrets that might appear in tool output. Affected Packages / Versions - Package: openclaw...