CVE-2026-33572 in OpenClawinfo

Summary

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.

Responsible

VulnCheck

Reservation

03/23/2026

Disclosure

03/29/2026

Entries

Published	Base	Temp	Vulnerability	CWE	Prod	Exp	Cou	EPSS	CTI	CVE
03/29/2026	6.8	6.7	OpenClaw JSONL File temp file	378	Artificial Intelligence Software	Not defined	Official fix	0.00000	5.33	CVE-2026-33572

Show more

Description
Changes
Cyber Threat Intelligence
API/JSON

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!