Platform: nodejs
Component: openclaw
Fixed in: 2026.2.17
CVE-2026-33572 is a high-severity vulnerability affecting openclaw, a Node.js package. This vulnerability allows unauthorized local users or processes to read session transcript files, potentially exposing sensitive information contained within. Versions of openclaw prior to 2026.2.17 are vulnerable, while versions 2026.2.17 and later have been patched.
The core of the vulnerability lies in the overly broad default permissions assigned to newly created session transcript JSONL files. In multi-user environments, this means that other local users or processes on the same host can gain access to these files. Session transcripts can contain a wide range of data, including secrets or credentials that might be inadvertently logged by tools used within the openclaw sessions. Successful exploitation could lead to the compromise of sensitive data and potentially broader system access if exposed secrets are leveraged.
This vulnerability was publicly disclosed on 2026-03-16. There is currently no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept exploits have been released. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.01% (2nd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation is to upgrade to openclaw version 2026.2.17 or later. If upgrading is not immediately feasible, consider restricting file permissions on the session transcript files to only the user running openclaw. This can be achieved through standard operating system file permission controls. Monitor system logs for unusual file access patterns. After upgrading, confirm the fix by creating a new openclaw session and verifying that the transcript file is only accessible by the intended user.
Update openclaw to version 2026.2.17 or later. This version corrects the permissions of session transcript files, preventing unauthorized local users from accessing sensitive information.
CVE-2026-33572 is a high-severity vulnerability in openclaw affecting versions up to 2026.2.15. It allows local users to read session transcript files, potentially exposing secrets.
You are affected if you are using openclaw version 2026.2.15 or earlier. Versions 2026.2.17 and later are not vulnerable.
Upgrade to openclaw version 2026.2.17 or later. As a temporary workaround, restrict file permissions on the session transcript files.
There is currently no evidence of active exploitation of CVE-2026-33572.
Refer to the openclaw project's repository and npm package page for updates and advisories related to CVE-2026-33572.