Description
OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to logs and error surfaces.
References
- Patch
- Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2026.3.13 (exclusive)
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
EPSS: 0.0004 (percentile: 12%, Low)
CVSS3: 7.5 High
Weaknesses
CWE-532
Related vulnerabilities
CVSS3: 7.5
github
8 days ago
OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to logs and error surfaces.