CVE-2026-33572— OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-33572
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
创建拥有不安全权限的临时文件
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.2.17之前版本存在安全漏洞,该漏洞源于会话记录JSONL文件默认权限过宽,可能导致本地用户读取包含敏感信息的记录内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-33572
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-33572
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-03-29 · 19 CVEs total
| CVE-2026-32922 | 9.9 CRITICAL | OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate |
| CVE-2026-32987 | 9.8 CRITICAL | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing |
| CVE-2026-32924 | 9.8 CRITICAL | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu |
| CVE-2026-32975 | 9.8 CRITICAL | OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist |
| CVE-2026-32973 | 9.8 CRITICAL | OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization |
| CVE-2026-32914 | 8.8 HIGH | OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints |
| CVE-2026-33573 | 8.8 HIGH | OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters |
| CVE-2026-32915 | 8.8 HIGH | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface |
| CVE-2026-32974 | 8.6 HIGH | OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token |
| CVE-2026-32918 | 8.4 HIGH | OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool |
| CVE-2026-32978 | 8.0 HIGH | OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners |
| CVE-2026-32980 | 7.5 HIGH | OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request |
| CVE-2026-33575 | 7.5 HIGH | OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes |
| CVE-2026-32979 | 7.3 HIGH | OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approv |
| CVE-2026-32972 | 7.1 HIGH | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.requ |
| CVE-2026-33574 | 6.2 MEDIUM | OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download |
| CVE-2026-32919 | 6.1 MEDIUM | OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands |
| CVE-2026-32923 | 5.4 MEDIUM | OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcemen |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-378
- CVE-2026-4822
Enter Software Iperius Backup Backup Service temp file - CVE-2025-46685
Dell SupportAssist OS Recovery 安全漏洞 - CVE-2025-46684
Dell SupportAssist OS Recovery 安全漏洞 - CVE-2025-34352
JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delet - CVE-2025-7647
Insecure Temporary File Handling in run-llama/llama_index
V. Comments for CVE-2026-33572
No comments yet