GHSA-8MH7-PHF8-XGFM

Vulnerability from github – Published: 2026-02-17 21:43 – Updated: 2026-02-17 21:43
Summary
OpenClaw skills.status could leak secrets to operator.read clients
Details

Summary

skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: <= 2026.2.13
  • Patched: 2026.2.14

Details

The gateway method skills.status returned a requirements report that included configChecks[].value (the resolved value for each requires.config entry). If a skill required a broad config subtree (for example channels.discord), the report could include secrets such as Discord bot tokens.

skills.status is callable with operator.read, so read-scoped clients could obtain secrets without operator.admin / config.* access.

Fix

  • Stop including raw resolved config values in requirement checks (return only { path, satisfied }).
  • Narrow the Discord skill requirement to the token key.
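The two fixes above, as an added illustration that is not OpenClaw's own code: a minimal `requires.config` check in the shape the advisory describes, with the pre-fix report that echoes the resolved value beside the fixed one that reports only `{ path, satisfied }`. It assumes a plain object config, dot-separated requirement paths, and a placeholder token value; the example also shows why narrowing the path alone is not enough while the value is still echoed.

```javascript
// Constructed sample gateway config; the token is a placeholder, not a real secret.
const SAMPLE_CONFIG = {
  channels: {
    discord: { token: "PLACEHOLDER-DISCORD-TOKEN", guildId: "123" },
  },
};

// Resolve a dotted path such as "channels.discord.token" against the config.
// Returns undefined when any segment is missing.
function resolvePath(config, path) {
  return path.split(".").reduce(
    (node, key) => (node !== null && typeof node === "object" ? node[key] : undefined),
    config,
  );
}

// Pre-fix shape (<= 2026.2.13 behaviour as the advisory describes it): each
// check carries the resolved value, so a broad requirement like
// "channels.discord" returns the whole subtree, token included, to any
// caller who can invoke skills.status (operator.read is enough).
function configChecksVulnerable(config, requiredPaths) {
  return requiredPaths.map((path) => {
    const value = resolvePath(config, path);
    return { path, satisfied: value !== undefined, value };
  });
}

// Fixed shape: only { path, satisfied } leaves the check. "satisfied" meaning
// "resolves to something defined" is an assumption of this example.
function configChecksFixed(config, requiredPaths) {
  return requiredPaths.map((path) => ({
    path,
    satisfied: resolvePath(config, path) !== undefined,
  }));
}

// Defender-side check: does a serialized report contain any known secret?
// Useful as a regression test for any endpoint that reports on config.
function reportLeaksSecret(report, secrets) {
  const text = JSON.stringify(report);
  return secrets.some((secret) => text.includes(secret));
}

// Broad requirement (the Discord skill before the fix) and the narrowed one.
const BROAD_REQUIREMENT = ["channels.discord"];
const NARROW_REQUIREMENT = ["channels.discord.token"];
```

Running `reportLeaksSecret` over both report shapes shows that narrowing the requirement to the token key still leaks under the vulnerable shape (the value is the token itself), so both fixes are needed together.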

Fix commit(s):

  • d3428053d95eefbe10ecf04f92218ffcba55ae5a
  • ebc68861a61067fc37f9298bded3eec9de0ba783

Mitigation

Rotate any Discord tokens that may have been exposed to read-scoped clients.

Thanks @simecek for reporting.


Fix commits d3428053d95eefbe10ecf04f92218ffcba55ae5a and ebc68861a61067fc37f9298bded3eec9de0ba783 confirmed on main and in v2026.2.14. Upgrade to openclaw >= 2026.2.14.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-26326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-17T21:43:41Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\n`skills.status` could disclose secrets to `operator.read` clients by returning raw resolved config values in `configChecks` for skill `requires.config` paths.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `\u003c= 2026.2.13`\n- Patched: `2026.2.14`\n\n### Details\n\nThe gateway method `skills.status` returned a requirements report that included `configChecks[].value` (the resolved value for each `requires.config` entry). If a skill required a broad config subtree (for example `channels.discord`), the report could include secrets such as Discord bot tokens.\n\n`skills.status` is callable with `operator.read`, so read-scoped clients could obtain secrets without `operator.admin` / `config.*` access.\n\n### Fix\n\n- Stop including raw resolved config values in requirement checks (return only `{ path, satisfied }`).\n- Narrow the Discord skill requirement to the token key.\n\nFix commit(s):\n\n- d3428053d95eefbe10ecf04f92218ffcba55ae5a\n- ebc68861a61067fc37f9298bded3eec9de0ba783\n\n### Mitigation\n\nRotate any Discord tokens that may have been exposed to read-scoped clients.\n\nThanks @simecek for reporting.\n\n---\n\nFix commits d3428053d95eefbe10ecf04f92218ffcba55ae5a and ebc68861a61067fc37f9298bded3eec9de0ba783 confirmed on main and in v2026.2.14. Upgrade to `openclaw \u003e= 2026.2.14`.",
  "id": "GHSA-8mh7-phf8-xgfm",
  "modified": "2026-02-17T21:43:41Z",
  "published": "2026-02-17T21:43:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8mh7-phf8-xgfm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/d3428053d95eefbe10ecf04f92218ffcba55ae5a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/ebc68861a61067fc37f9298bded3eec9de0ba783"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw skills.status could leak secrets to operator.read clients"
}

