Security Advisory

CVE-2026-27003

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 23:14:10

Last updated 2026-02-20 15:37:51

Assigner GitHub_M

State PUBLISHED

Description

OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces (for example, when request URLs include `https://api.telegram.org/bot<token>/...`). Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs, crash reports, CI output, or support bundles. Disclosure of a Telegram bot token allows an attacker to impersonate the bot and take over Bot API access. Users should upgrade to version 2026.2.15 to obtain a fix and rotate the Telegram bot token if it may have been exposed.

← Browse all CVEs View on cve.org ↗