ГлавнаяУязвимости → CVE-2026-33572
8.4высокая

CVE-2026-33572

Описание

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.

Затрагиваемое ПО
Openclaw Openclaw
CVSS
Балл8.4 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/openclaw/openclaw/commit/095d522099653367e1b76fa5bb09d4ddf7c8a57chttps://github.com/openclaw/openclaw/security/advisories/GHSA-vr7j-g7jv-h5mphttps://www.vulncheck.com/advisories/openclaw-insufficient-file-permissions-in-session-transcript-files