Inclusion of Sensitive Information in Log Files in OpenClaw - #VU135894
Published: June 30, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to insertion of sensitive information into log file in the trajectory export feature when processing lower-trust caller input or configured input paths. A local user can trigger trajectory export with reachable lower-trust input to disclose sensitive information.
Only instances where the affected feature is enabled and reachable are vulnerable.