CVE-2026-26326

4.3 MEDIUM

📋 TL;DR

OpenClaw personal AI assistant versions before 2026.2.14 could expose sensitive configuration secrets to clients with read-only permissions. The vulnerability occurs when the system returns raw resolved configuration values during skill requirement checks, potentially disclosing secrets like Discord tokens. Anyone using OpenClaw with read-scoped clients is affected.

💻 Affected Systems

Products:
  • OpenClaw
Versions: All versions prior to 2026.2.14
Operating Systems: All platforms running OpenClaw
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects any OpenClaw deployment with skills using requires.config paths and read-scoped clients.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers with read-only access could extract all sensitive configuration secrets including API keys, tokens, and credentials, leading to complete account compromise and data breaches.

🟠 Likely Case: Unauthorized disclosure of Discord tokens and other API credentials to users or systems with read-only permissions, enabling account takeover and privilege escalation.

🟢 If Mitigated: With proper access controls and monitoring, impact is limited to authorized users who already have read access but shouldn't see raw configuration values.

🌐 Internet-Facing: MEDIUM - Risk depends on whether read-scoped clients are exposed to the internet, but configuration exposure amplifies impact.
🏢 Internal Only: HIGH - Internal users with read access could extract sensitive configuration data they shouldn't see.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires only read access to the system.

Exploitation requires existing read access to the OpenClaw system, making it an information disclosure vulnerability rather than an access control bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.2.14

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-8mh7-phf8-xgfm

Restart Required: Yes

Instructions:

1. Update OpenClaw to version 2026.2.14 or later.
2. Restart the OpenClaw service.
3. Rotate any Discord tokens that may have been exposed to read-scoped clients.

🔧 Temporary Workarounds

  • Restrict read access (applies to: all): Limit read-scoped client access to only trusted users and systems.
  • Remove sensitive config from skills (applies to: all): Temporarily remove or obfuscate sensitive configuration values from skill requirements.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users/systems have read permissions
  • Monitor and audit all read access to the skills.status endpoint for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check whether the OpenClaw version is below 2026.2.14 and whether the skills.status endpoint returns raw config values to read-scoped clients.

Check Version:

Check OpenClaw version in application logs or configuration files

Verify Fix Applied:

After updating to 2026.2.14, verify that skills.status only returns {path, satisfied} objects without raw config values.
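The check above can be automated: a fixed skills.status response should carry only {path, satisfied} per requirement, so any requirement entry with additional fields (for example a resolved value) is a sign the pre-2026.2.14 behaviour is still present. The following is an added example, not OpenClaw's own code; it assumes nothing about where requirement entries sit in the payload (it walks the whole JSON tree and treats any object with a "path" key as a requirement entry), and the two sample responses and the config path in them are constructed for illustration.

```python
import json
from typing import Any, Iterator

# The fixed skills.status response is expected to return only these keys per
# requirement entry (per the advisory: {path, satisfied}, no raw config values).
ALLOWED_KEYS = {"path", "satisfied"}


def _iter_requirement_entries(node: Any) -> Iterator[dict]:
    """Recursively yield every JSON object that carries a 'path' key.

    The exact layout of the skills.status payload is an assumption here;
    walking the whole tree keeps the check independent of nesting.
    """
    if isinstance(node, dict):
        if "path" in node:
            yield node
        for value in node.values():
            yield from _iter_requirement_entries(value)
    elif isinstance(node, list):
        for item in node:
            yield from _iter_requirement_entries(item)


def find_leaked_fields(payload: Any) -> list[tuple[str, list[str]]]:
    """Return (path, extra_keys) for each requirement entry carrying anything
    beyond {path, satisfied}. An empty list means the response matches the
    fixed shape."""
    leaks = []
    for entry in _iter_requirement_entries(payload):
        extra = sorted(k for k in entry if k not in ALLOWED_KEYS)
        if extra:
            leaks.append((str(entry["path"]), extra))
    return leaks


def leaked_fields(raw_json: str) -> list[tuple[str, list[str]]]:
    """Convenience wrapper for a raw JSON response body."""
    return find_leaked_fields(json.loads(raw_json))


def response_is_fixed(raw_json: str) -> bool:
    """True when no requirement entry exposes fields beyond {path, satisfied}."""
    return not leaked_fields(raw_json)


# Constructed sample responses (not captured from OpenClaw). The first mimics
# the pre-2026.2.14 behaviour of echoing a resolved value next to the path;
# the second is the fixed shape. "discord.token" is a made-up config path.
VULNERABLE_SAMPLE = json.dumps({
    "skills": [{
        "name": "discord",
        "requires": {"config": [
            {"path": "discord.token", "satisfied": True,
             "value": "EXAMPLE-DISCORD-TOKEN-PLACEHOLDER"},
        ]},
    }],
})

FIXED_SAMPLE = json.dumps({
    "skills": [{
        "name": "discord",
        "requires": {"config": [
            {"path": "discord.token", "satisfied": True},
        ]},
    }],
})

if __name__ == "__main__":
    for label, sample in (("vulnerable", VULNERABLE_SAMPLE), ("fixed", FIXED_SAMPLE)):
        print(f"{label}: fixed={response_is_fixed(sample)} leaks={leaked_fields(sample)}")
```

Run it against the body returned to a read-scoped client; a non-empty leak list after upgrading means the running instance is not actually on 2026.2.14 or later and the affected tokens should be rotated as the fix instructions say.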

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to skills.status endpoint
  • Multiple read requests from single client in short timeframe

Network Indicators:

  • Excessive requests to skills.status API endpoint
  • Traffic from unauthorized clients to configuration endpoints

SIEM Query:

source="openclaw" AND endpoint="skills.status" AND user_scope="read" AND count > threshold
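The SIEM query above expresses the log indicators as a per-client count over a window. As an added example (not code from OpenClaw or from the page's author), the following implements the same rule over access log lines so it can be checked offline: it counts skills.status requests per read-scoped client in a sliding window and flags clients that exceed the threshold. The key=value log format, the client names and the scope values are constructed for illustration, and the lines are assumed to be in timestamp order.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed log lines in an assumed key=value layout; the advisory does not
# document OpenClaw's real log format. Only "ops-dashboard" bursts here.
SAMPLE_LOG = """\
ts=2026-02-14T10:00:00Z client=ops-dashboard scope=read endpoint=skills.status
ts=2026-02-14T10:00:02Z client=ops-dashboard scope=read endpoint=skills.status
ts=2026-02-14T10:00:03Z client=ops-dashboard scope=read endpoint=skills.status
ts=2026-02-14T10:00:04Z client=ops-dashboard scope=read endpoint=skills.status
ts=2026-02-14T10:00:05Z client=ops-dashboard scope=read endpoint=skills.status
ts=2026-02-14T10:00:06Z client=ops-dashboard scope=read endpoint=skills.status
ts=2026-02-14T10:00:07Z client=admin-cli scope=admin endpoint=skills.status
ts=2026-02-14T10:05:00Z client=monitor scope=read endpoint=skills.status
ts=2026-02-14T10:10:00Z client=monitor scope=read endpoint=skills.status
"""


def parse_line(line: str) -> dict:
    """Split one key=value line into a dict and parse the UTC timestamp."""
    fields = dict(part.split("=", 1) for part in line.split())
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return fields


def flag_bursty_read_clients(log_text: str, threshold: int = 5,
                             window_seconds: int = 60) -> dict[str, int]:
    """Return {client: peak_count} for read-scoped clients that issued more
    than `threshold` skills.status requests within any `window_seconds` span.

    Mirrors the advisory's query: endpoint="skills.status" AND user_scope="read"
    AND count > threshold, with "count" evaluated over a sliding time window.
    """
    windows: dict[str, deque] = defaultdict(deque)
    alerts: dict[str, int] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        # Only the indicator the advisory names: read-scoped hits on skills.status.
        if ev.get("endpoint") != "skills.status" or ev.get("scope") != "read":
            continue
        recent = windows[ev["client"]]
        recent.append(ev["ts"])
        # Drop timestamps that fell out of the window (input is time-ordered).
        while (ev["ts"] - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) > threshold:
            alerts[ev["client"]] = max(alerts.get(ev["client"], 0), len(recent))
    return alerts


if __name__ == "__main__":
    print(flag_bursty_read_clients(SAMPLE_LOG))  # → {'ops-dashboard': 6}
```

The threshold and window are the tuning knobs the query leaves open; start from a baseline of how often legitimate read-scoped dashboards poll skills.status, since a polling monitor that fires every few minutes (the "monitor" client in the sample) should not trip the rule.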
