OpenClaw leaks Discord bot tokens to unauthorized clients
CVE-2026-26326
GHSA-8mh7-phf8-xgfm
Summary
A software component called OpenClaw has a flaw that allows unauthorized users to access sensitive information, such as Discord bot tokens, by making a specific request. This is a concern because it allows users who shouldn't have access to sensitive data to obtain it. To protect your data, update the OpenClaw software to the latest version, which fixes this issue.
What to do
- Update steipete openclaw to version 2026.2.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.14 | – |
Original title
OpenClaw skills.status could leak secrets to operator.read clients
Original description
### Summary
`skills.status` could disclose secrets to `operator.read` clients by returning raw resolved config values in `configChecks` for skill `requires.config` paths.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.2.13`
- Patched: `2026.2.14`
### Details
The gateway method `skills.status` returned a requirements report that included `configChecks[].value` (the resolved value for each `requires.config` entry). If a skill required a broad config subtree (for example `channels.discord`), the report could include secrets such as Discord bot tokens.
`skills.status` is callable with `operator.read`, so read-scoped clients could obtain secrets without `operator.admin` / `config.*` access.
### Fix
- Stop including raw resolved config values in requirement checks (return only `{ path, satisfied }`).
- Narrow the Discord skill requirement to the token key.
Fix commit(s):
- d3428053d95eefbe10ecf04f92218ffcba55ae5a
- ebc68861a61067fc37f9298bded3eec9de0ba783
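The two fixes above work together: the first stops the requirements report from echoing resolved values at all, and the second keeps the Discord skill from asking for a whole config subtree. The example below is an added illustration and is not OpenClaw's code; the config shape, the `requires.config` list format, the rule that a path is "satisfied" when it resolves to a non-empty value, and the `buildConfigChecksLeaky` / `buildConfigChecksFixed` / `reportExposes` names are all assumptions made for this demonstration. It shows the pre-fix report shape beside the post-fix one and includes the kind of regression check a maintainer can keep in a test suite so a `value` field never reappears in a read-scoped response.

```javascript
// Added example, not OpenClaw's code. Config layout, requires.config format
// and the "satisfied" rule are assumptions for illustration only.

// Constructed sample config; the token is a placeholder, not a real secret.
const SAMPLE_CONFIG = {
  channels: {
    discord: {
      enabled: true,
      token: "EXAMPLE-DISCORD-BOT-TOKEN-not-a-real-secret",
    },
  },
};

// Resolve a dotted path such as "channels.discord.token" against a config
// object. Returns undefined when any segment is missing.
function resolvePath(config, path) {
  return path.split(".").reduce(
    (node, key) =>
      node !== null && typeof node === "object" ? node[key] : undefined,
    config
  );
}

// Assumption: a requires.config entry is satisfied when the path resolves
// to something other than undefined, null or an empty string.
function isSatisfied(value) {
  return value !== undefined && value !== null && value !== "";
}

// Pre-fix behaviour as the advisory describes it: every check carries the
// raw resolved value, so a broad path such as "channels.discord" pulls the
// whole subtree, token included, into a report readable by operator.read.
function buildConfigChecksLeaky(config, requiresConfig) {
  return requiresConfig.map((path) => {
    const value = resolvePath(config, path);
    return { path, satisfied: isSatisfied(value), value };
  });
}

// Post-fix behaviour: the resolved value is used for the decision and then
// dropped; only { path, satisfied } leaves the gateway.
function buildConfigChecksFixed(config, requiresConfig) {
  return requiresConfig.map((path) => ({
    path,
    satisfied: isSatisfied(resolvePath(config, path)),
  }));
}

// Defender-side regression check: does a serialized report contain a given
// secret anywhere? Cheap to run in CI against a config seeded with a canary.
function reportExposes(report, secret) {
  return JSON.stringify(report).includes(secret);
}

// Broad subtree requirement (the shape the advisory says was narrowed) and
// the narrowed token-only requirement.
const BROAD_REQUIREMENT = ["channels.discord"];
const NARROW_REQUIREMENT = ["channels.discord.token"];

// Runs all four combinations so the effect of each fix can be seen on its own.
function demo() {
  const token = SAMPLE_CONFIG.channels.discord.token;
  return {
    leakyBroadExposes: reportExposes(
      buildConfigChecksLeaky(SAMPLE_CONFIG, BROAD_REQUIREMENT), token),
    leakyNarrowExposes: reportExposes(
      buildConfigChecksLeaky(SAMPLE_CONFIG, NARROW_REQUIREMENT), token),
    fixedBroadExposes: reportExposes(
      buildConfigChecksFixed(SAMPLE_CONFIG, BROAD_REQUIREMENT), token),
    fixedNarrowExposes: reportExposes(
      buildConfigChecksFixed(SAMPLE_CONFIG, NARROW_REQUIREMENT), token),
    fixedNarrowReport: buildConfigChecksFixed(SAMPLE_CONFIG, NARROW_REQUIREMENT),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Note what the four combinations show: narrowing the requirement alone does not close the hole, because the leaky report still echoes the token value itself; dropping `value` from the report is the change that actually removes the exposure, and the narrowed requirement then limits how much of the config the check even touches.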
### Mitigation
Rotate any Discord tokens that may have been exposed to read-scoped clients.
Thanks @simecek for reporting.
---
Fix commits d3428053d95eefbe10ecf04f92218ffcba55ae5a and ebc68861a61067fc37f9298bded3eec9de0ba783 confirmed on main and in v2026.2.14. Upgrade to `openclaw >= 2026.2.14`.
NVD CVSS 3.1: 4.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-200: Information Exposure
- https://github.com/openclaw/openclaw/security/advisories/GHSA-8mh7-phf8-xgfm (Patch, Vendor Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2026-26326
- https://github.com/advisories/GHSA-8mh7-phf8-xgfm
- https://github.com/openclaw/openclaw/commit/d3428053d95eefbe10ecf04f92218ffcba55... (Patch)
- https://github.com/openclaw/openclaw/commit/ebc68861a61067fc37f9298bded3eec9de0b... (Patch)
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14 (Product Release Notes)
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026