CVE-2026-43528 POC (Proof-of-Concept)

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication material, and channel credentials that should have been redacted.

Published: 2026-05-05

CVSS: 7.1

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
