Home / Vulnerability Intelligence / CVE-2026-33572

CVE-2026-33572 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 31, 2026

OpenClaw - Information Disclosure

Published: March 29, 2026Updated: March 31, 2026

Overview

OpenClaw < 2026.2.17 contains an information disclosure vulnerability caused by overly broad default permissions on session transcript JSONL files, letting local attackers read sensitive transcript contents, exploit requires local access.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 1.2%(Probability of exploitation in next 30 days)

Impact

Local attackers can read sensitive information including secrets from transcript files, potentially leading to information leakage.

Mitigation

Update to version 2026.2.17 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 29, 2026

🟠 CVE-2026-33572 - High (8.4) OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information includ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33572/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-33572
Severity: High
CVSS Score: 8.4
Type: misconfiguration
Status: confirmed
EPSS: 1.2%
Social Posts: 1

CWE

CWE-378

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.2%Probability of exploitation in the next 30 days