CVE-2026-43528 Overview
CVE-2026-43528 is a redaction bypass vulnerability in OpenClaw versions before 2026.4.14. The flaw allows authenticated gateway clients to retrieve unredacted secrets through the sourceConfig and runtimeConfig alias fields exposed by the configuration snapshot API. Attackers with config read access can extract provider API keys, gateway authentication material, and channel credentials that the redaction logic was supposed to strip. The issue is classified under CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer.
Critical Impact
Authenticated low-privilege clients can harvest provider API keys, gateway tokens, and channel credentials by reading configuration snapshots, enabling lateral movement to upstream provider accounts and connected services.
Affected Products
- OpenClaw (Node.js distribution) versions prior to 2026.4.14
- Deployments exposing the gateway config read API to authenticated clients
- Environments storing provider API keys or channel credentials in sourceConfig or runtimeConfig
Discovery Timeline
- 2026-05-05 - CVE-2026-43528 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-43528
Vulnerability Analysis
OpenClaw maintains configuration snapshots that include both raw and resolved views of gateway settings. The redactConfigSnapshot routine in src/config/redact-snapshot.ts is responsible for stripping secrets before snapshots are returned to gateway clients. Prior to version 2026.4.14, the redaction routine cleared the config and resolved fields but failed to redact the newer sourceConfig and runtimeConfig alias fields that mirror the same data.
When the snapshot retrieval logic encountered an invalid or partially populated configuration, it returned a response that emptied config but left sourceConfig and runtimeConfig untouched. Authenticated clients querying the gateway config API received the unredacted aliases containing provider API keys, authentication tokens, and channel credentials.
Root Cause
The root cause is incomplete redaction coverage. The original redactConfigSnapshot implementation predated the introduction of sourceConfig and runtimeConfig aliases. When those alias fields were added to the snapshot schema, the redaction list was not updated to include them, leaving a parallel path for sensitive values to leak through the same API response.
Attack Vector
An attacker first authenticates to the OpenClaw gateway with any account that holds config read permissions. The attacker then issues a request that triggers the snapshot fallback path, for example by referencing a configuration that fails strict validation. The server returns a snapshot object in which config is empty but sourceConfig and runtimeConfig still contain the original secret values. The attacker parses the response and extracts provider API keys and gateway credentials directly.
// Patch from src/config/redact-snapshot.ts (commit 86734ef)
// properly redacted all sensitive data. Handing out a partially or, worse,
// unredacted config string would be bad.
// Therefore, the only safe route is to reject handing out broken configs.
const redactedConfig = {} as ConfigFileSnapshot["config"];
const redactedResolved = {} as ConfigFileSnapshot["resolved"];
return {
  ...snapshot,
  sourceConfig: redactedResolved,
  runtimeConfig: redactedConfig,
  config: redactedConfig,
  raw: null,
  parsed: null,
  resolved: redactedResolved,
};
Source: GitHub commit 86734ef. The patch explicitly clears sourceConfig and runtimeConfig alongside config and resolved so that no alias path leaks secrets.
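The root cause described above (a redaction routine that was never extended when alias fields joined the schema) is easiest to see with the incomplete and the complete routine side by side. The following is an added example written for this page, not OpenClaw's own code: the snapshot type is a minimal stand-in whose field names (config, resolved, sourceConfig, runtimeConfig, raw, parsed) are taken from the advisory, the secret values are constructed placeholders, and populatedViews is a hypothetical helper that reports which views still carry entries after redaction.

```typescript
// Added example, not OpenClaw's code. Models the snapshot shape named in the
// advisory and contrasts redaction that only covers the original two views
// with redaction that covers every alias as well.

type ConfigTree = Record<string, unknown>;

interface ConfigFileSnapshot {
  raw: string | null;
  parsed: ConfigTree | null;
  config: ConfigTree;
  resolved: ConfigTree;
  sourceConfig: ConfigTree;  // alias view mirroring resolved
  runtimeConfig: ConfigTree; // alias view mirroring config
}

// Every field that presents a view of the configuration; any one of them is
// a path for secrets to reach the client if it is left out of redaction.
const VIEW_FIELDS = ["config", "resolved", "sourceConfig", "runtimeConfig"] as const;

// Constructed sample snapshot with placeholder secrets (not real credentials).
function sampleSnapshot(): ConfigFileSnapshot {
  const cfg: ConfigTree = {
    providers: { exampleProvider: { apiKey: "PLACEHOLDER_PROVIDER_KEY" } },
    gateway: { token: "PLACEHOLDER_GATEWAY_TOKEN" },
  };
  return {
    raw: JSON.stringify(cfg),
    parsed: cfg,
    config: cfg,
    resolved: cfg,
    sourceConfig: cfg,
    runtimeConfig: cfg,
  };
}

// Incomplete coverage: written before the alias fields existed, so the
// spread copies sourceConfig and runtimeConfig through unchanged.
function redactSnapshotIncomplete(s: ConfigFileSnapshot): ConfigFileSnapshot {
  return { ...s, raw: null, parsed: null, config: {}, resolved: {} };
}

// Complete coverage: every view is replaced with a fresh empty object, so
// adding an alias to the spread cannot reintroduce the original values.
function redactSnapshotComplete(s: ConfigFileSnapshot): ConfigFileSnapshot {
  const redactedConfig: ConfigTree = {};
  const redactedResolved: ConfigTree = {};
  return {
    ...s,
    raw: null,
    parsed: null,
    config: redactedConfig,
    resolved: redactedResolved,
    sourceConfig: redactedResolved,
    runtimeConfig: redactedConfig,
  };
}

// Hypothetical regression check: names of the views that still hold entries.
// A redaction routine is only correct when this returns an empty list.
function populatedViews(s: ConfigFileSnapshot): string[] {
  return VIEW_FIELDS.filter((field) => Object.keys(s[field]).length > 0);
}
```

A check like populatedViews belongs in the test suite next to the redaction routine: iterating over a single list of view fields means a future alias added to the schema fails the test instead of silently becoming a new leak path.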
Detection Methods for CVE-2026-43528
Indicators of Compromise
- Gateway access logs showing authenticated config read requests followed by outbound traffic to upstream provider APIs from new IP addresses or service accounts
- Provider-side audit events showing API key usage from geographies or hosts that do not match expected OpenClaw deployment locations
- Unexpected reads against the configuration snapshot endpoint by accounts that historically did not consume that API
- Channel credential reuse alerts from connected messaging or notification providers
Detection Strategies
- Inspect HTTP responses from the OpenClaw config snapshot endpoint for non-empty sourceConfig or runtimeConfig objects containing key-like values such as apiKey, token, or secret
- Correlate authenticated config read events with subsequent authentication attempts using provider API keys to identify potential credential harvesting
- Diff snapshot responses across versions to confirm whether the deployed instance returns redacted alias fields
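The first detection strategy above, inspecting a captured snapshot response for alias fields that still carry key-like values, can be scripted against response bodies pulled from a proxy or test harness. The following is an added example for this page, not OpenClaw's own code: the response body is constructed sample data with placeholder secrets, inspectSnapshotResponse is a hypothetical helper, and the key-name pattern (apiKey, token, secret, password) extends the three names the advisory lists.

```typescript
// Added example, not OpenClaw's code. Walks a snapshot response and reports
// every credential-like leaf found under sourceConfig or runtimeConfig,
// together with whether config is empty (the fallback-path signature the
// advisory describes).

const SECRET_KEY_PATTERN = /(apikey|api_key|token|secret|password)/i;

type AliasField = "sourceConfig" | "runtimeConfig";

interface LeakFinding {
  field: AliasField;
  path: string; // dotted path of the leaf holding a non-empty string
}

interface InspectionResult {
  leaking: boolean;
  configEmpty: boolean;
  findings: LeakFinding[];
}

// Recursively collect dotted paths of non-empty string leaves whose key name
// looks like a credential.
function collectSecretLeaves(value: unknown, path: string, out: string[]): void {
  if (value === null || typeof value !== "object") return;
  for (const [key, child] of Object.entries(value as Record<string, unknown>)) {
    const childPath = `${path}.${key}`;
    if (SECRET_KEY_PATTERN.test(key) && typeof child === "string" && child.length > 0) {
      out.push(childPath);
    }
    collectSecretLeaves(child, childPath, out);
  }
}

function isEmptyObject(value: unknown): boolean {
  return typeof value === "object" && value !== null && Object.keys(value).length === 0;
}

// Hypothetical helper: inspect one JSON response body from the snapshot endpoint.
function inspectSnapshotResponse(body: string): InspectionResult {
  const snapshot = JSON.parse(body) as Record<string, unknown>;
  const findings: LeakFinding[] = [];
  for (const field of ["sourceConfig", "runtimeConfig"] as const) {
    const paths: string[] = [];
    collectSecretLeaves(snapshot[field], field, paths);
    for (const path of paths) findings.push({ field, path });
  }
  return {
    leaking: findings.length > 0,
    configEmpty: isEmptyObject(snapshot.config),
    findings,
  };
}

// Constructed sample responses. The first has the leak signature: config is
// empty while both aliases still hold placeholder credentials.
const LEAKING_RESPONSE = JSON.stringify({
  config: {},
  resolved: {},
  sourceConfig: { providers: { exampleProvider: { apiKey: "PLACEHOLDER_PROVIDER_KEY" } } },
  runtimeConfig: {
    gateway: { auth: { token: "PLACEHOLDER_GATEWAY_TOKEN" } },
    channels: { chat: { webhookUrl: "https://example.invalid/hook" } },
  },
});

// The second is what a patched instance returns: every view empty.
const REDACTED_RESPONSE = JSON.stringify({
  config: {},
  resolved: {},
  sourceConfig: {},
  runtimeConfig: {},
});
```

Run inspectSnapshotResponse over responses recorded from a staging instance before and after the upgrade; a patched instance should never produce a finding, and on an unpatched one the dotted paths tell you exactly which credentials to prioritise for rotation.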
Monitoring Recommendations
- Enable verbose audit logging on the OpenClaw gateway for all config read API calls, including caller identity and response size
- Forward gateway and provider API logs to a centralized analytics platform and alert on first-use of API keys from new source IPs
- Rotate and monitor any provider API keys, gateway tokens, and channel credentials that were ever stored in OpenClaw configurations on vulnerable versions
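The correlation the detection and monitoring recommendations describe (a config read followed by a provider key being used from a source not seen before) is a small join over two log streams. The following is an added example for this page, not OpenClaw's own code: the advisory does not give OpenClaw's or any provider's log schema, so the key=value line format, the field names, the one-hour window and the log lines themselves are constructed for the example, and correlateKeyUse is a hypothetical helper.

```typescript
// Added example, not OpenClaw's code. Parses constructed gateway and provider
// audit lines, then flags provider key usage from an IP outside the known
// deployment egress set when a config read happened within the window before it.

interface ConfigReadEvent { ts: number; account: string; ip: string; }
interface ProviderKeyEvent { ts: number; keyId: string; ip: string; }

interface CorrelationAlert {
  keyId: string;
  sourceIp: string;
  keyUsedAt: string;
  precedingReads: { account: string; ip: string; readAt: string }[];
}

// Constructed line format (assumed, not OpenClaw's): ISO timestamp then key=value tokens.
function parseKv(line: string): { ts: number; fields: Record<string, string> } {
  const [stamp, ...rest] = line.trim().split(/\s+/);
  const fields: Record<string, string> = {};
  for (const token of rest) {
    const i = token.indexOf("=");
    if (i > 0) fields[token.slice(0, i)] = token.slice(i + 1);
  }
  return { ts: Date.parse(stamp), fields };
}

function parseGatewayLog(lines: string[]): ConfigReadEvent[] {
  const reads: ConfigReadEvent[] = [];
  for (const line of lines) {
    const { ts, fields } = parseKv(line);
    if (fields.action === "config.read") reads.push({ ts, account: fields.account, ip: fields.ip });
  }
  return reads;
}

function parseProviderLog(lines: string[]): ProviderKeyEvent[] {
  return lines.map(parseKv).map(({ ts, fields }) => ({ ts, keyId: fields.key, ip: fields.ip }));
}

// Look-back window between a config read and the key use (assumed value).
const WINDOW_MS = 60 * 60 * 1000;

// Hypothetical helper: one alert per key use from an unknown IP that has at
// least one config read in the preceding window.
function correlateKeyUse(
  reads: ConfigReadEvent[],
  uses: ProviderKeyEvent[],
  knownEgressIps: Set<string>,
): CorrelationAlert[] {
  const alerts: CorrelationAlert[] = [];
  for (const use of uses) {
    if (knownEgressIps.has(use.ip)) continue;
    const preceding = reads.filter((r) => r.ts <= use.ts && use.ts - r.ts <= WINDOW_MS);
    if (preceding.length === 0) continue;
    alerts.push({
      keyId: use.keyId,
      sourceIp: use.ip,
      keyUsedAt: new Date(use.ts).toISOString(),
      precedingReads: preceding.map((r) => ({
        account: r.account,
        ip: r.ip,
        readAt: new Date(r.ts).toISOString(),
      })),
    });
  }
  return alerts;
}

// Constructed sample logs using documentation address ranges.
const GATEWAY_LOG = [
  "2026-05-06T09:58:12Z account=ops-admin ip=203.0.113.10 action=config.read status=200",
  "2026-05-06T10:00:00Z account=svc-backup ip=203.0.113.5 action=config.read status=200",
  "2026-05-06T10:01:00Z account=svc-backup ip=203.0.113.5 action=session.list status=200",
];
const PROVIDER_LOG = [
  "2026-05-06T08:30:00Z key=prov-key-01 ip=203.0.113.10 result=ok",
  "2026-05-06T10:12:30Z key=prov-key-01 ip=198.51.100.77 result=ok",
  "2026-05-06T15:00:00Z key=prov-key-02 ip=198.51.100.88 result=ok",
];
const KNOWN_EGRESS = new Set(["203.0.113.10"]);

function runSample(): CorrelationAlert[] {
  return correlateKeyUse(parseGatewayLog(GATEWAY_LOG), parseProviderLog(PROVIDER_LOG), KNOWN_EGRESS);
}
```

On the sample data only the 10:12:30 use of prov-key-01 from 198.51.100.77 is flagged: the 08:30 use comes from the known egress address and the 15:00 use has no config read in the hour before it. The alert carries every account that read the config in the window, which is the list to start the access review from.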
How to Mitigate CVE-2026-43528
Immediate Actions Required
- Upgrade OpenClaw to version 2026.4.14 or later, which extends redactConfigSnapshot to cover sourceConfig and runtimeConfig
- Rotate every provider API key, gateway authentication secret, and channel credential that was present in OpenClaw configurations prior to upgrade
- Audit gateway access logs for config read calls by low-privilege accounts and review whether any returned non-empty alias fields
- Restrict config read permissions to the minimum set of operators required to administer the gateway
Patch Information
The fix is delivered in commit 86734ef and tracked under GitHub Security Advisory GHSA-8372-7vhw-cm6q. Additional technical context is available in the VulnCheck advisory. Upgrade the openclaw Node.js package to 2026.4.14 or later from the official registry.
Workarounds
- Revoke config read scope from all non-administrative gateway clients until the upgrade is complete
- Place the OpenClaw gateway behind a network policy that limits config API access to a trusted management subnet
- Move provider API keys and channel credentials to an external secret store and reference them indirectly so that snapshot responses do not contain raw values
# Upgrade OpenClaw to a patched release
npm install openclaw@">=2026.4.14"
# Verify the installed version
npm ls openclaw
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.