How CVE-2026-53825 Works
OpenClaw before version 2026.4.7 contains an arbitrary file read vulnerability within the memory-wiki ingest feature. This feature is designed to allow authenticated Gateway operators with `operator.write` scope to import content from specified sources into the wiki memory. However, due to insufficient path sanitization, an attacker with the necessary permissions can supply arbitrary local file paths instead of being confined to the intended ingest directories.
The vulnerability stems from improper limitation of a pathname to a restricted directory, classified as CWE-22 (Path Traversal). When a request is made to the ingest functionality, the application fails to validate that the provided file path is within the allowed set of ingest sources. An authenticated Gateway operator with `operator.write` access can craft a malicious request pointing to sensitive system files, such as `/etc/passwd`, configuration files, or credential stores.
The `memory-wiki` ingest process then reads the contents of the specified file and imports them into the wiki memory, effectively exfiltrating the data through the application’s normal output channels. This bypasses the intended access restrictions and allows an attacker to disclose sensitive information.
It is important to note that this vulnerability does not change OpenClaw’s trusted-operator model. The risk is scoped to environments where the affected feature is enabled and reachable by authenticated operators. The practical impact depends on the operator’s configuration and whether lower-trust input can reach that path. Attackers with `operator.write` access can exploit this to read arbitrary local files, potentially exposing sensitive configuration data, credentials, or other confidential information stored on the server.
The vulnerability is addressed in OpenClaw version 2026.4.7 and later. Users are strongly advised to update to a patched release immediately.
DailyCVE Form
Platform: OpenClaw
Version: <2026.4.7
Vulnerability: Path Traversal
Severity: High
Date: 2026-06-13
Prediction: 2026-04-07
What Undercode Says
Analytics:
- EPSS Score: 0.004 (percentile: 29.1%)
- CVSS v3 Score: 6.5 (Medium)
- CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
- CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)
- Credit: Blee72
Bash Commands & Codes:
To check your OpenClaw version:
openclaw --version
To test for the vulnerability (requires authenticated `operator.write` access):
curl -X POST https://your-gateway/api/v1/memory-wiki/ingest \
-H "Authorization: Bearer <TOKEN>" \
-H "Content-Type: application/json" \
-d '{"source": "file:///etc/passwd"}'
Exploit
An authenticated attacker with `operator.write` scope can exploit this vulnerability by sending a crafted request to the `memory-wiki` ingest endpoint. The attacker specifies an arbitrary local file path (e.g., file:///etc/passwd) as the ingest source. The application reads the file and imports its content into the wiki memory, which can then be retrieved by the attacker, exposing sensitive information. The attack is performed remotely over the network with low complexity and requires low privileges.
Protection
- Immediate: Update OpenClaw to version 2026.4.7 or later, which contains a patch for this vulnerability.
- Mitigation: Limit `memory-wiki` write access to trusted operators only.
- Hardening: Keep channel and tool allowlists narrow; avoid sharing a single Gateway between mutually untrusted users; disable the affected feature when not in use.
- General: Use OpenClaw’s `@openclaw/fs-safe` library for secure file operations, which enforces root-bounded reads and writes.
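The root-bounded check the Protection list calls for, as an added example in TypeScript (not OpenClaw's code and not the `@openclaw/fs-safe` implementation). It assumes a constructed ingest root (`/srv/openclaw/ingest`) and the `{"source": "..."}` request body shown in the curl command above; the vulnerable resolver is included beside the hardened one to show what the CWE-22 pattern looks like in code.

```typescript
import * as path from "path";
import { fileURLToPath } from "url";

export interface IngestResolution { ok: boolean; resolved?: string; reason?: string }

// Constructed example root for this demonstration; not OpenClaw's real configuration.
export const EXAMPLE_INGEST_ROOTS = ["/srv/openclaw/ingest"];

// Vulnerable pattern (CWE-22): the operator-supplied source is turned into a
// filesystem path and used as-is, so file:///etc/passwd is honoured verbatim.
export function resolveUnsafe(source: string): string {
  return source.startsWith("file://") ? fileURLToPath(source) : path.resolve(source);
}

// Hardened pattern: the source must normalise to a location strictly inside one
// of the allowed ingest roots. The containment test is done on the relative path,
// so a sibling such as "/srv/openclaw/ingest-other" cannot pass a string-prefix check.
export function resolveIngestSource(source: string, roots: readonly string[]): IngestResolution {
  let candidate: string;
  try {
    candidate = source.startsWith("file://") ? fileURLToPath(source) : source;
  } catch (e) {
    return { ok: false, reason: `malformed file URL: ${(e as Error).message}` };
  }
  if (candidate.includes("\0")) return { ok: false, reason: "NUL byte in path" };
  for (const root of roots) {
    const rootAbs = path.resolve(root);
    const target = path.resolve(rootAbs, candidate); // relative sources land under the root
    const rel = path.relative(rootAbs, target);
    // Reject the root directory itself, any ".." climb, and cross-drive results.
    const rejected = rel === "" || rel === ".." || rel.startsWith(`..${path.sep}`) || path.isAbsolute(rel);
    if (!rejected) return { ok: true, resolved: target };
  }
  return { ok: false, reason: "source resolves outside every allowed ingest root" };
}

// Gate for the JSON body used by the request above: {"source": "..."}.
export function gateIngestRequest(body: string): IngestResolution {
  let parsed: unknown;
  try { parsed = JSON.parse(body); } catch { return { ok: false, reason: "body is not JSON" }; }
  const source = (parsed as { source?: unknown } | null)?.source;
  if (typeof source !== "string") return { ok: false, reason: "source must be a string" };
  return resolveIngestSource(source, EXAMPLE_INGEST_ROOTS);
}
```

This check is purely lexical: before reading, resolve the root and the target with `fs.realpath` and re-run the containment test so a symlink inside the root cannot point back out of it.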
Impact
Successful exploitation allows an attacker to read arbitrary local files on the server, potentially exposing sensitive configuration files, credentials, API keys, or other confidential data. This could lead to privilege escalation, lateral movement, or further compromise of the OpenClaw instance and its underlying infrastructure. The impact is heightened in multi-tenant environments where the Gateway is shared among multiple users.
Sources:
Reported By: github.com