CVE-2026-33572
Published
CVSS v3
8.4
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
GitHub