GHSA-5hj8-2w5c-mmprMediumCVSS 6.5

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action...

Published
June 13, 2026
Last Modified
June 13, 2026

🔗 CVE IDs covered (1)

📋 Description

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.

🔗 References (4)