OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attack…

Published:

28 March 2026 at 23:00:00

Alert date:

29 March 2026 at 14:05:43

Source:

nvd.nist.gov

Security Tools, Identity & Access

OpenClaw versions before 2026.2.17 contain a vulnerability where session transcript JSONL files are created with overly broad default permissions. This allows local users to read transcript contents and extract sensitive information including secrets from tool output. Attackers with local system access can exploit this vulnerability to access confidential data stored in session transcripts. The vulnerability has been addressed in version 2026.2.17 and above.
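For transcripts already on disk, the following added example (not from the advisory or from the OpenClaw project) lists JSONL files that grant any permission to group or other and restricts them to the owner. `TRANSCRIPT_DIR` and the function names are assumptions; the advisory does not state where transcripts are stored or whether upgrading changes the mode of existing files.

```shell
#!/bin/sh
# Added example: audit session-transcript JSONL files for group/other access.
# TRANSCRIPT_DIR is a placeholder; the advisory does not give the real path.

# Print every *.jsonl file under $1 that grants any permission bit to
# group or other (POSIX find: one -perm test per bit, OR-ed together).
list_exposed_transcripts() {
    find "$1" -type f -name '*.jsonl' \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict each exposed file to owner read/write (0600) and print how many
# files were exposed before the change.
# Assumes transcript file names contain no newline characters.
tighten_transcripts() {
    count=$(list_exposed_transcripts "$1" | wc -l | tr -d ' ')
    list_exposed_transcripts "$1" | while IFS= read -r f; do
        chmod 600 -- "$f"
    done
    echo "$count"
}

# Report-only run when a directory is supplied, for example:
#   TRANSCRIPT_DIR=/path/to/transcripts sh audit_transcripts.sh
if [ -n "${TRANSCRIPT_DIR:-}" ]; then
    list_exposed_transcripts "$TRANSCRIPT_DIR"
fi
```

Run the listing first and review it before calling `tighten_transcripts`; a non-empty listing after upgrading means older transcripts still need their mode changed.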

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.