OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose sensitive credentials and data through the export mechanism.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jul 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose sensitive credentials and data through the export mechanism. | |
| Title | OpenClaw < 2026.6.1 Credential Redaction Bypass via Trajectory Export | |
| First Time appeared |
Openclaw
Openclaw openclaw |
|
| Weaknesses | CWE-532 | |
| CPEs | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Openclaw
Openclaw openclaw |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-17T00:06:54.132Z
Reserved: 2026-07-13T16:39:22.251Z
Link: CVE-2026-62211
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T01:30:08Z