What is CVE-2026-32982?

CVE-2026-32982 is a high-severity vulnerability in Openclaw, classified under Insertion of Sensitive Information into Log File. CVSS score: 7.5/10. Published 2026-03-31.

How severe is CVE-2026-32982?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Openclaw

CVE-2026-32982

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot token…

EPSS: 0.000 (3.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Openclaw — versions 0, 2026.3.13

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

GitHub Security Advisory (GHSA-xwcj-hwhf-h378) (third-party-advisory)
Patch Commit (patch)
VulnCheck Advisory: OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs (third-party-advisory)

Frequently asked questions

What is CVE-2026-32982?: CVE-2026-32982 is a high-severity vulnerability in Openclaw, classified under Insertion of Sensitive Information into Log File. CVSS score: 7.5/10. Published 2026-03-31.
How severe is CVE-2026-32982?: High severity. CVSS v3 base score is 7.5 out of 10.