CVE-2026-33572

Summary

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.2.17affected
OpenClawOpenClaw2026.2.17unaffected

Weaknesses

  • CWE-378: Creation of Temporary File With Insecure Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References