CVE-2026-33572
Published: 29 March 2026
Summary
CVE-2026-33572 is a high-severity Creation of Temporary File With Insecure Permissions (CWE-378) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 3.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AU-9 (Protection of Audit Information) and CM-6 (Configuration Settings).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates secure baseline configuration settings for OpenClaw to create session transcript files with restrictive permissions, directly preventing unauthorized local access.
Requires access controls or cryptographic protection for sensitive information at rest, such as secrets in OpenClaw transcript files, blocking local unauthorized reads.
Protects audit-like session transcript information from unauthorized access by local users, mitigating extraction of sensitive secrets.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Insecure default permissions on session transcript files (CWE-378) directly enable local unauthorized read access to files containing captured secrets/credentials, facilitating T1552.001 (adversary collection of unsecured credentials from files) and T1005 (data collection from the local system).
NVD Description
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.
Deeper analysisAI
CVE-2026-33572 affects OpenClaw versions prior to 2026.2.17, where the software creates session transcript files in JSONL format with overly broad default permissions. This misconfiguration, tied to CWE-378 (Creation of Temporary File With Insecure Permissions), enables unauthorized reading of these files by local users. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting high confidentiality, integrity, and availability impacts from local exploitation.
Local attackers with access to the host system can exploit this issue without privileges by directly reading the transcript files, extracting sensitive information such as secrets captured in tool outputs during sessions. No user interaction or special conditions are required beyond local presence, making it feasible for malicious users on shared systems or compromised hosts to harvest credentials or other confidential data logged in transcripts.
Mitigation involves upgrading to OpenClaw 2026.2.17 or later, as detailed in the patching commit at https://github.com/openclaw/openclaw/commit/095d522099653367e1b76fa5bb09d4ddf7c8a57c. The GitHub security advisory (https://github.com/openclaw/openclaw/security/advisories/GHSA-vr7j-g7jv-h5mp) and VulnCheck analysis (https://www.vulncheck.com/advisories/openclaw-insufficient-file-permissions-in-session-transcript-files) recommend applying this fix promptly and reviewing permissions on existing transcript files to prevent unauthorized access.
Details
- CWE(s)