CVE-2026-35644
MEDIUMOpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots
Title source: cnaDescription
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
GitHub Security Advisory (GHSA-ppwq-6v66-5m6j)
https://github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j
Patch patch
Patch Commit #1
https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87
Patch patch
Patch Commit #2
https://github.com/openclaw/openclaw/commit/f0202264d0de7ad345382b9008c5963bcefb01b7
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots
https://www.vulncheck.com/advisories/openclaw-credential-exposure-via-baseurl-fields-in-gateway-snapshots
Scores
CVSS v3
6.5
EPSS
0.0019
EPSS Percentile
9.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-312
Status
published
Products (3)
OpenClaw/OpenClaw
< 2026.3.22
openclaw/openclaw
< 2026.3.22
OpenClaw/OpenClaw
2026.3.22
Published
Apr 09, 2026
Tracked Since
Apr 10, 2026