Description
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.
Published: 2026-03-29
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Information Disclosure
Action: Patch Immediately
AI Analysis

Impact

OpenClaw versions older than 2026.2.17 generate session transcript JSONL files with overly permissive default permissions. The files can be read by any local user, exposing sensitive data that the tool outputs, such as secret tokens or credentials. This is an example of insufficient file permissions (CWE‑378) that directly leads to privacy and integrity compromise.

Affected Systems

The vulnerability affects installations of OpenClaw running any release prior to 2026.2.17. All users that can access the host where the tool runs are at risk when session transcripts are produced.

Risk and Exploitability

With a CVSS score of 6.8 the severity is moderate and no EPSS data or KEV listing is available. The attack vector is local; any user with a local account that can execute OpenClaw and cause it to produce a transcript can read the resulting file because the file permissions allow wide access. The risk of exploitation is significant in multi‑user or shared environments where attackers can obtain the host or use a compromised local account.

Generated by OpenCVE AI on March 29, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.17 or later
  • If an upgrade is not immediately possible, modify the permissions of session transcript files so they are owned by the creating user and have mode 0600
  • Verify that new transcript files are created with restricted permissions
  • Monitor access logs for unauthorized reads of transcript files

Generated by OpenCVE AI on March 29, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-vr7j-g7jv-h5mp OpenClaw session transcript files were created without forced user-only permissions
History

Sun, 29 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.
Title OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-378
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-01T15:33:32.741Z

Reserved: 2026-03-23T11:00:48.407Z

Link: CVE-2026-33572

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-29T13:17:02.770

Modified: 2026-03-31T17:37:29.240

Link: CVE-2026-33572

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T06:58:13Z

Weaknesses