GHSA-ppwq-6v66-5m6j: OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status

March 26, 2026

Read-scoped gateway snapshots could expose credentials embedded in channel baseUrl and related endpoint fields.

References

github.com/advisories/GHSA-ppwq-6v66-5m6j
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/f0202264d0de7ad345382b9008c5963bcefb01b7
github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j

Code Behaviors & Features

Detect and mitigate GHSA-ppwq-6v66-5m6j with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →