#VU125167 Inclusion of Sensitive Information in Log Files in OpenClaw - CVE-2026-32982

 


Published: April 8, 2026


Vulnerability identifier: #VU125167
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-32982
CWE-ID: CWE-532
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OpenClaw
Software vendor: OpenClaw

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to insertion of sensitive information into log files in fetchRemoteMedia() in src/media/fetch.ts when handling failed inbound Telegram media downloads. A remote attacker can trigger a media fetch failure to disclose sensitive information.

The leaked information may be exposed through logs, console output, or other downstream error surfaces that render exception text.
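
One way to keep URL-borne credentials out of exception text on a failed media download, shown beside the leaky pattern. This is an added example, not OpenClaw's code or the vendor's patch. It assumes the sensitive value is a Telegram bot token carried in the download URL, which the advisory does not state; all function names and sample values are constructed.

```typescript
// Added example, not OpenClaw code. Assumption: the secret at risk is a Telegram
// bot token carried in the download URL path (/file/bot<token>/<file_path>).
const BOT_TOKEN_SEGMENT = /\/bot\d+:[A-Za-z0-9_-]+/g;
// Constructed list of query parameters that commonly carry credentials.
const SECRET_QUERY = /([?&](?:token|key|sig|signature)=)[^&#\s]+/gi;

/** Mask credentials in any text that may echo a request URL. */
function redactSecrets(text: string): string {
  return text
    .replace(BOT_TOKEN_SEGMENT, "/bot<redacted>")
    .replace(SECRET_QUERY, "$1<redacted>");
}

/** Leaky pattern (CWE-532): URL and upstream exception text reach the log verbatim. */
function unsafeLogLine(url: string, reason: unknown): string {
  const detail = reason instanceof Error ? reason.message : String(reason);
  return "media fetch failed for " + url + ": " + detail;
}

/** Hardened pattern: redact the combined text once, just before it is emitted. */
function safeLogLine(url: string, reason: unknown): string {
  return redactSecrets(unsafeLogLine(url, reason));
}

/** Error to rethrow instead of the original, so message and stack stay clean. */
function toLogSafeError(url: string, reason: unknown): Error {
  // The original error is deliberately not attached: its message may hold the raw URL.
  const err = new Error(safeLogLine(url, reason));
  err.name = "MediaFetchError";
  return err;
}

// Constructed sample data: fake token, upstream error that echoes the request URL.
const SAMPLE_TOKEN = "123456789:AAConstructedExampleToken_0000000000";
const SAMPLE_URL = "https://api.telegram.org/file/bot" + SAMPLE_TOKEN + "/photos/file_1.jpg";
const SAMPLE_REASON = new Error("HTTP 404 while fetching " + SAMPLE_URL + "?sig=abc123");
```

The redacted line keeps the host and file path, so the failure stays debuggable without the credential.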


Remediation

Install the security update from the vendor's website.
