AI Threat Alert
CVE-2026-35644
MEDIUMOpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...
Full CISO analysis pending enrichment.
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| OpenClaw | pip | — | No patch |
Do you use OpenClaw? You're affected.
How severe is it?
What is the attack surface?
What should I do?
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Which compliance frameworks are affected?
Compliance analysis pending. Sign in for full compliance mapping when available.
Frequently Asked Questions
What is CVE-2026-35644?
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components.
Is CVE-2026-35644 actively exploited?
No confirmed active exploitation of CVE-2026-35644 has been reported, but organizations should still patch proactively.
How to fix CVE-2026-35644?
No patch is currently available. Monitor vendor advisories for updates.
What is the CVSS score for CVE-2026-35644?
CVE-2026-35644 has a CVSS v3.1 base score of 6.5 (MEDIUM).
What are the technical details?
Original Advisory
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components.
Weaknesses (CWE)
CWE-312 — Cleartext Storage of Sensitive Information: The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
- [Implementation, System Configuration, Operation] When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
- [Implementation, System Configuration, Operation] In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
Source: MITRE CWE corpus.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References
- github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87 patch
- github.com/openclaw/openclaw/commit/f0202264d0de7ad345382b9008c5963bcefb01b7 patch
- github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j vendor-advisory
- vulncheck.com/advisories/openclaw-credential-exposure-via-baseurl-fields-in-gateway-snapshots third-party-advisory
Timeline
Related Vulnerabilities
CVE-2026-33579 9.9 Analysis pending
Same package: openclaw CVE-2026-32922 9.9 Analysis pending
Same package: openclaw CVE-2026-30741 9.8 OpenClaw: RCE via request-side prompt injection
Same package: openclaw CVE-2026-53838 9.8 OpenClaw: approval scope bypass via reconnection state
Same package: openclaw CVE-2026-32038 9.8 Analysis pending
Same package: openclaw