Medium severity6.5GHSA Advisory· Published May 5, 2026· Updated May 7, 2026

CVE-2026-43528

Description

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication material, and channel credentials that should have been redacted.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
openclawnpm	< 2026.4.14	2026.4.14

Affected products

OpenClaw/OpenclawGHSA2 versions
< 2026.4.14+ 1 more
- (no CPE)range: < 2026.4.14
- cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*range: <2026.4.14

Patches

86734ef93a2f

fix(config): redact sourceConfig and runtimeConfig alias fields in redactConfigSnapshot [AI] (#66030)

https://github.com/openclaw/openclawPavan Kumar GondhiApr 13, 2026via ghsa

commit

3 files changed · +25 −2

CHANGELOG.md+1 −0 modified

@@ -10,6 +10,7 @@ Docs: https://docs.openclaw.ai
 
 ### Fixes
 
+- fix(config): redact sourceConfig and runtimeConfig alias fields in redactConfigSnapshot [AI]. (#66030) Thanks @pgondhi987.
 - Agents/context engines: run opt-in turn maintenance as idle-aware background work so the next foreground turn no longer waits on proactive maintenance. (#65233) thanks @100yenadmin
 
 - Plugins/status: report the registered context-engine IDs in `plugins inspect` instead of the owning plugin ID, so non-matching engine IDs and multi-engine plugins are classified correctly. (#58766) thanks @zhuisDEV

src/config/redact-snapshot.test.ts+16 −0 modified

@@ -565,9 +565,21 @@ describe("redactConfigSnapshot", () => {
     });
     const result = redactConfigSnapshot(snapshot);
     const parsed = result.parsed as Record<string, Record<string, Record<string, string>>>;
+    const sourceConfig = result.sourceConfig as Record<
+      string,
+      Record<string, Record<string, string>>
+    >;
     const resolved = result.resolved as Record<string, Record<string, Record<string, string>>>;
+    const runtimeConfig = result.runtimeConfig as Record<
+      string,
+      Record<string, Record<string, string>>
+    >;
     expect(parsed.channels.discord.token).toBe(REDACTED_SENTINEL);
+    expect(sourceConfig.gateway.auth.token).toBe(REDACTED_SENTINEL);
     expect(resolved.gateway.auth.token).toBe(REDACTED_SENTINEL);
+    expect(runtimeConfig.channels.discord.token).toBe(REDACTED_SENTINEL);
+    expect(result.sourceConfig).toBe(result.resolved);
+    expect(result.runtimeConfig).toBe(result.config);
   });
 
   it("handles null raw gracefully", () => {
@@ -610,7 +622,11 @@ describe("redactConfigSnapshot", () => {
     const result = redactConfigSnapshot(snapshot);
     expect(result.raw).toBeNull();
     expect(result.parsed).toBeNull();
+    expect(result.sourceConfig).toEqual({});
     expect(result.resolved).toEqual({});
+    expect(result.runtimeConfig).toEqual({});
+    expect(result.sourceConfig).toBe(result.resolved);
+    expect(result.runtimeConfig).toBe(result.config);
   });
 
   it("handles deeply nested tokens in accounts", () => {

src/config/redact-snapshot.ts+8 −2 modified

@@ -423,12 +423,16 @@ export function redactConfigSnapshot(
     // properly redacted all sensitive data. Handing out a partially or, worse,
     // unredacted config string would be bad.
     // Therefore, the only safe route is to reject handling out broken configs.
+    const redactedConfig = {} as ConfigFileSnapshot["config"];
+    const redactedResolved = {} as ConfigFileSnapshot["resolved"];
     return {
       ...snapshot,
-      config: {},
+      sourceConfig: redactedResolved,
+      runtimeConfig: redactedConfig,
+      config: redactedConfig,
       raw: null,
       parsed: null,
-      resolved: {},
+      resolved: redactedResolved,
     };
   }
   // else: snapshot.config must be valid and populated, as that is what
@@ -455,6 +459,8 @@ export function redactConfigSnapshot(
 
   return {
     ...snapshot,
+    sourceConfig: redactedResolved,
+    runtimeConfig: redactedConfig,
     config: redactedConfig,
     raw: redactedRaw,
     parsed: redactedParsed,

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/openclaw/openclaw/commit/86734ef93a2f25063371b04f1946eb300548acd4nvdPatchWEB
github.com/advisories/GHSA-8372-7vhw-cm6qghsaADVISORY
github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6qnvdVendor AdvisoryWEB
www.vulncheck.com/advisories/openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliasesnvdThird Party Advisory
github.com/openclaw/openclaw/pull/66030ghsaWEB

News mentions

No linked articles in our index yet.

Severity

MediumCVSS v3.1

6.5/ 10

CVSS v47.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack vector: Network
Complexity: Low
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Probability of exploitation in the next 30 days.

0.06%

VYPR risk score

Composite of severity, exploitation, and reach.

0.35medium

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000

Weaknesses

CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer

CVE ID

CVE-2026-43528

Source code

github.com/openclaw/openclaw

Credits

Z
zsxsoft
reporter · ghsa
K
KeenSecurityLab
sponsor · ghsa
Q
qclawer
sponsor · ghsa