Tag
A critical vulnerability, CVE-2026-59261, in OpenClaw before version 2026.5.28, allows attackers with lower-trust access to configured input paths to expose sensitive provider credentials by leveraging workspace dotenv files that override legitimate configurations, leading to unauthorized access to sensitive data.