GHSA-5hj8-2w5c-mmprMediumCVSS 6.5
OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action...
🔗 CVE IDs covered (1)
📋 Description
OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.