GHSA-VR7J-G7JV-H5MP
Vulnerability from github – Published: 2026-03-16 20:41 – Updated: 2026-04-06 22:46

openclaw created new session transcript JSONL files with overly broad default permissions in affected releases. On multi-user hosts, other local users or processes could read transcript contents, including secrets that might appear in tool output.
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: <= 2026.2.15
- First fixed version: 2026.2.17
- Current latest npm release checked during verification: 2026.3.13 (not affected)
Impact
Session transcript JSONL files are created under the local OpenClaw session store. In affected releases, newly created transcript files did not force user-only permissions, so transcript contents could be readable by other local users depending on the host environment and umask behavior.
Fix
New transcript files are now created with 0o600 permissions. Existing transcript permission drift is also remediated by the security audit fix flow.
Verified in code:
- src/config/sessions/transcript.ts:82 writes new transcript files with mode: 0o600
- src/config/sessions/sessions.test.ts:303 includes regression coverage asserting 0o600
Fix Commit(s)
095d522099653367e1b76fa5bb09d4ddf7c8a57c
Release Note
This fix first shipped in 2026.2.17 and is present in the current npm release 2026.3.13.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.2.15"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33572"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-732"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-16T20:41:51Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "`openclaw` created new session transcript JSONL files with overly broad default permissions in affected releases. On multi-user hosts, other local users or processes could read transcript contents, including secrets that might appear in tool output.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (`npm`)\n- Affected versions: `\u003c= 2026.2.15`\n- First fixed version: `2026.2.17`\n- Current latest npm release checked during verification: `2026.3.13` (not affected)\n\n## Impact\n\nSession transcript JSONL files are created under the local OpenClaw session store. In affected releases, newly created transcript files did not force user-only permissions, so transcript contents could be readable by other local users depending on the host environment and umask behavior.\n\n## Fix\n\nNew transcript files are now created with `0o600` permissions. Existing transcript permission drift is also remediated by the security audit fix flow.\n\nVerified in code:\n\n- `src/config/sessions/transcript.ts:82` writes new transcript files with `mode: 0o600`\n- `src/config/sessions/sessions.test.ts:303` includes regression coverage asserting `0o600`\n\n## Fix Commit(s)\n\n- `095d522099653367e1b76fa5bb09d4ddf7c8a57c`\n\n## Release Note\n\nThis fix first shipped in `2026.2.17` and is present in the current npm release `2026.3.13`.",
"id": "GHSA-vr7j-g7jv-h5mp",
"modified": "2026-04-06T22:46:26Z",
"published": "2026-03-16T20:41:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vr7j-g7jv-h5mp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33572"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/095d522099653367e1b76fa5bb09d4ddf7c8a57c"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-insufficient-file-permissions-in-session-transcript-files"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw session transcript files were created without forced user-only permissions"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.