Main Vulnerability Database Vulnerabilities #VU132732

Incorrect default permissions in OpenClaw - #VU132732

Published: May 29, 2026

Vulnerability identifier: #VU132732

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: OpenClaw

Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to incorrect default permissions in the config recovery feature when restoring configuration after repair. A local user can access a restored openclaw.json file with broader read permissions to disclose sensitive information.

Only configurations with the affected feature enabled and reachable are exposed.

Remediation

Install security update from vendor's website.

Sources

https://github.com/openclaw/openclaw/security/advisories/GHSA-rwp6-7w3q-75fq

Incorrect default permissions in OpenClaw - #VU132732

Detailed vulnerability description

Remediation

Sources

Please verify you're human