{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33572/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-33572","file-permissions","credential-access"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw before version 2026.2.17 is vulnerable to an insufficient file permissions issue. The application creates session transcript JSONL files with overly permissive default access controls. This vulnerability allows local users to read these transcript files, potentially exposing sensitive information such as secrets, API keys, passwords, or other confidential data that might be present in tool outputs or commands executed during a session. The vulnerability is identified as CVE-2026-33572…\u003c/p\u003e\n","date_modified":"2026-03-29T13:17:02Z","date_published":"2026-03-29T13:17:02Z","id":"/briefs/2026-03-openclaw-file-permissions/","summary":"OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents and extract sensitive information.","title":"OpenClaw Insufficient File Permissions Vulnerability (CVE-2026-33572)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-file-permissions/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33572","version":"https://jsonfeed.org/version/1.1"}