CVE-2026-62211
Received Received - Intake

Credential Redaction Bypass in OpenClaw

Vulnerability report for CVE-2026-62211, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose sensitive credentials and data through the export mechanism.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.6.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

OpenClaw versions before 2026.6.1 have a vulnerability where the trajectory export feature fails to properly redact credentials. This allows lower-privileged users to access sensitive data or credentials that should remain restricted to trusted users. Attackers can exploit misconfigured input paths or feature accessibility to expose this information through the export mechanism.

Detection Guidance

To detect this vulnerability, check if your OpenClaw version is prior to 2026.6.1. Review logs for trajectory export operations that may expose sensitive credentials. Inspect configuration files for misconfigured input paths or feature accessibility settings.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive credentials and data. If exploited, attackers with lower privileges could retrieve confidential information, potentially compromising system security. The impact depends on configuration and whether untrusted input can reach the affected feature.

Compliance Impact

This vulnerability could lead to non-compliance with data protection regulations like GDPR or HIPAA by exposing sensitive credentials and data to unauthorized users. Organizations may face legal and regulatory penalties due to potential data breaches and loss of confidentiality.

Mitigation Strategies

Upgrade OpenClaw to version 2026.6.1 or later. Restrict trajectory export functionality to trusted operators only. Disable the feature if not needed. Implement narrow allowlists and avoid shared Gateways between untrusted users.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart