CVE-2026-59261

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
08/07/2026
Last modified:
09/07/2026

Description

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* 2026.5.28 (excluding)