OpenClaw Insufficient File Permissions Vulnerability (CVE-2026-33572)
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents and extract sensitive information.
OpenClaw before version 2026.2.17 is vulnerable to an insufficient file permissions issue. The application creates session transcript JSONL files with overly permissive default access controls. This vulnerability allows local users to read these transcript files, potentially exposing sensitive information such as secrets, API keys, passwords, or other confidential data that might be present in tool outputs or commands executed during a session. The vulnerability is identified as CVE-2026-33572…
Detection coverage 2
Detect Unauthorized Access to OpenClaw Session Transcripts
Severity: high. Detects unauthorized processes accessing OpenClaw session transcript files, indicating potential exploitation of CVE-2026-33572.
Detect File Creation With Overly Permissive Permissions
Severity: medium. Detects files created with overly permissive permissions (world-readable) which may expose sensitive information.
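The following Python audit is an added example, not part of the original advisory and not one of the platform's detection rules. It flags .jsonl files whose mode grants any access to group or other users, optionally tightens them to 0600, and shows owner-only creation beside default-mode creation. The transcript location is not given on this page, so the directory is passed in as root; the demo uses a constructed temporary directory, and creation via plain open() is an assumed illustration of how a file ends up world-readable.

```python
import os
import stat
import tempfile

GROUP_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other access


def create_private(path):
    """Create a new file with mode 0600 (the umask can only remove bits)."""
    # O_EXCL refuses to reuse a file that already exists at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    return os.fdopen(fd, "w")


def audit_transcripts(root, fix=False):
    """Return sorted (path, mode) pairs for *.jsonl files open to group/other."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Only regular .jsonl files; skip symlinks and special files.
            if not name.endswith(".jsonl") or not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & GROUP_OTHER_BITS:
                findings.append((path, oct(mode)))
                if fix:
                    os.chmod(path, 0o600)  # owner read/write only
    return sorted(findings)


def demo():
    """Constructed sample: one default-mode file, one owner-only file."""
    line = '{"role": "tool", "content": "constructed sample"}\n'
    with tempfile.TemporaryDirectory() as root:
        old = os.umask(0o022)  # common default umask
        try:
            with open(os.path.join(root, "weak.jsonl"), "w") as f:
                f.write(line)  # assumed pattern: 0666 & ~umask = 0644
            with create_private(os.path.join(root, "private.jsonl")) as f:
                f.write(line)
        finally:
            os.umask(old)
        before = audit_transcripts(root, fix=True)
        return [(os.path.basename(p), m) for p, m in before], audit_transcripts(root)


if __name__ == "__main__":
    print(demo())
```

Files that were readable before the fix may already have been read, so any secrets found in flagged transcripts should be rotated as well.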