https://feed.craftedsignal.io/tags/cve-2026-33572/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSun, 29 Mar 2026 13:17:02 +0000https://feed.craftedsignal.io/briefs/2026-03-openclaw-file-permissions/Sun, 29 Mar 2026 13:17:02 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-file-permissions/OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents and extract sensitive information.<p>OpenClaw before version 2026.2.17 is vulnerable to an insufficient file permissions issue. The application creates session transcript JSONL files with overly permissive default access controls. This vulnerability allows local users to read these transcript files, potentially exposing sensitive information such as secrets, API keys, passwords, or other confidential data that might be present in tool outputs or commands executed during a session. The vulnerability is identified as CVE-2026-33572…</p> mediumadvisorycve-2026-33572file-permissionscredential-access