


Perceptive Security
SOC/SIEM Consultancy

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. …
Published:
30 March 2026 at 22:00:00
Alert date:
31 March 2026 at 13:04:59
Source:
nvd.nist.gov
Enterprise Applications, Email & Messaging
OpenClaw before version 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function. The vulnerability exposes Telegram bot tokens in error messages when media downloads fail. The original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to logs and error surfaces. This represents a significant security risk as exposed bot tokens could allow unauthorized access to Telegram bot functionality. The vulnerability has been addressed in version 2026.3.13 and later.
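A log check and redaction pass for the leak described above, as an added example that is not OpenClaw's code or its fix. It assumes the standard Telegram Bot API URL layout (`https://api.telegram.org/file/bot<token>/<path>`); the function names are hypothetical, and the sample log lines, error wording and token value are constructed.

```javascript
// Added example, not OpenClaw's code. Telegram Bot API URLs carry the bot
// token in the path as /bot<id>:<secret>/ or /file/bot<id>:<secret>/.
const TELEGRAM_TOKEN_URL =
  /(https?:\/\/api\.telegram\.org\/(?:file\/)?bot)(\d+):([A-Za-z0-9_-]+)/g;

// Replace the secret half of any embedded token; keep the bot id for triage.
function redactTelegramTokens(text) {
  return String(text).replace(TELEGRAM_TOKEN_URL, "$1$2:[REDACTED]");
}

// Scan log lines and report which bot ids had a token exposed, and on which
// (1-based) lines, so the affected tokens can be identified for rotation.
function findLeakedBots(lines) {
  const hits = new Map(); // botId -> array of line numbers
  lines.forEach((line, i) => {
    for (const m of line.matchAll(TELEGRAM_TOKEN_URL)) {
      const botId = m[2];
      if (!hits.has(botId)) hits.set(botId, []);
      hits.get(botId).push(i + 1);
    }
  });
  return hits;
}

// Constructed sample log lines (the token value is fake, the error wording
// is an assumption and not copied from OpenClaw output).
const SAMPLE_LOG = [
  "2026-03-30T10:00:01Z info media fetched ok",
  "2026-03-30T10:00:02Z error MediaFetchError: failed to fetch " +
    "https://api.telegram.org/file/bot123456789:AAFakeFakeFakeFakeFakeFakeFakeFake_x1" +
    "/photos/file_1.jpg (status 404)",
  "2026-03-30T10:00:05Z error MediaFetchError: failed to fetch " +
    "https://example.invalid/a.png (status 500)",
];

for (const [botId, lineNos] of findLeakedBots(SAMPLE_LOG)) {
  console.log(`bot ${botId}: token exposed on log line(s) ${lineNos.join(", ")}`);
}
console.log(SAMPLE_LOG.map(redactTelegramTokens).join("\n"));
```

Upgrading to 2026.3.13 does not remove tokens already written to logs, so any bot id this scan reports should have its token rotated.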
Technical details
Affected products:
OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-32982
https://github.com/openclaw/openclaw/commit/7a53eb7ea8295b08be137e231c9a98c1a79b5cd5
https://github.com/openclaw/openclaw/security/advisories/GHSA-xwcj-hwhf-h378
https://www.vulncheck.com/advisories/openclaw-telegram-bot-token-exposure-in-media-fetch-error-logs
This article was created with the assistance of AI technology by Perceptive.
