Cyber Resilience

CVE-2026-33572

MediumPublic PoC

Published: 29 March 2026

Published
29 March 2026
Modified
31 March 2026
KEV Added
Patch
CVSS Score v4 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0012 2.1th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-33572 is a medium-severity Creation of Temporary File With Insecure Permissions (CWE-378) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 2.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AU-9 (Protection of Audit Information) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-33572 affects OpenClaw versions prior to 2026.2.17, where the software creates session transcript files in JSONL format with overly broad default permissions. This misconfiguration, tied to CWE-378 (Creation of Temporary File With Insecure Permissions), enables unauthorized reading of these files by local users. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting high confidentiality, integrity, and availability impacts from local exploitation.

Local attackers with access to the host system can exploit this issue without privileges by directly reading the transcript files, extracting sensitive information such as secrets captured in tool outputs during sessions. No user interaction or special conditions are required beyond local presence, making it feasible for malicious users on shared systems or compromised hosts to harvest credentials or other confidential data logged in transcripts.

Mitigation involves upgrading to OpenClaw 2026.2.17 or later, as detailed in the patching commit at https://github.com/openclaw/openclaw/commit/095d522099653367e1b76fa5bb09d4ddf7c8a57c. The GitHub security advisory (https://github.com/openclaw/openclaw/security/advisories/GHSA-vr7j-g7jv-h5mp) and VulnCheck analysis (https://www.vulncheck.com/advisories/openclaw-insufficient-file-permissions-in-session-transcript-files) recommend applying this fix promptly and reviewing permissions on existing transcript files to prevent unauthorized access.

EU & UK References

Vulnerability details

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Insecure default permissions on session transcript files (CWE-378) directly enable local unauthorized read access to files containing captured secrets/credentials, facilitating T1552.001 (adversary collection of unsecured credentials from files) and T1005 (data collection from the local system).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35668Same product: Openclaw Openclaw
CVE-2026-28482Same product: Openclaw Openclaw
CVE-2026-28463Same product: Openclaw Openclaw
CVE-2026-32024Same product: Openclaw Openclaw
CVE-2026-33581Same product: Openclaw Openclaw
CVE-2026-32030Same product: Openclaw Openclaw
CVE-2026-32013Same product: Openclaw Openclaw
CVE-2026-28479Same product: Openclaw Openclaw
CVE-2026-29611Same product: Openclaw Openclaw
CVE-2026-32033Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.17

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates secure baseline configuration settings for OpenClaw to create session transcript files with restrictive permissions, directly preventing unauthorized local access.

prevent

Requires access controls or cryptographic protection for sensitive information at rest, such as secrets in OpenClaw transcript files, blocking local unauthorized reads.

prevent

Protects audit-like session transcript information from unauthorized access by local users, mitigating extraction of sensitive secrets.

References