OpenClaw – Arbitrary File Read via Path Traversal, CVE-2026-53825 (High) -DC-Jul2026-850

How CVE-2026-53825 Works

OpenClaw before version 2026.4.7 contains an arbitrary file read vulnerability within the memory-wiki ingest feature. This feature is designed to allow authenticated Gateway operators with `operator.write` scope to import content from specified sources into the wiki memory. However, due to insufficient path sanitization, an attacker with the necessary permissions can supply arbitrary local file paths instead of being confined to the intended ingest directories.
The vulnerability stems from improper limitation of a pathname to a restricted directory, classified as CWE-22 (Path Traversal). When a request is made to the ingest functionality, the application fails to validate that the provided file path is within the allowed set of ingest sources. An authenticated Gateway operator with `operator.write` access can craft a malicious request pointing to sensitive system files, such as /etc/passwd, configuration files, or credential stores.
The `memory-wiki` ingest process then reads the contents of the specified file and imports them into the wiki memory, effectively exfiltrating the data through the application’s normal output channels. This bypasses the intended access restrictions and allows an attacker to disclose sensitive information.
It is important to note that this vulnerability does not change OpenClaw’s trusted-operator model. The risk is scoped to environments where the affected feature is enabled and reachable by authenticated operators. The practical impact depends on the operator’s configuration and whether lower-trust input can reach that path. Attackers with `operator.write` access can exploit this to read arbitrary local files, potentially exposing sensitive configuration data, credentials, or other confidential information stored on the server.
The vulnerability is addressed in OpenClaw version 2026.4.7 and later. Users are strongly advised to update to a patched release immediately.

DailyCVE Form

Platform: OpenClaw
Version: <2026.4.7
Vulnerability: Path Traversal
Severity: High
Date: 2026-06-13

Prediction: 2026-04-07

What Undercode Say

Analytics:

  • EPSS Score: 0.004 (29.1% percentile)
  • CVSS v3 Score: 6.5 (Medium)
  • CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  • CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)
  • Credit: Blee72

Bash Commands & Codes:

To check your OpenClaw version:

openclaw --version

To test for the vulnerability (requires authenticated `operator.write` access):

curl -X POST https://your-gateway/api/v1/memory-wiki/ingest \
-H "Authorization: Bearer <TOKEN>" \
-H "Content-Type: application/json" \
-d '{"source": "file:///etc/passwd"}'

Exploit

An authenticated attacker with `operator.write` scope can exploit this vulnerability by sending a crafted request to the `memory-wiki` ingest endpoint. The attacker specifies an arbitrary local file path (e.g., file:///etc/passwd) as the ingest source. The application reads the file and imports its content into the wiki memory, which can then be retrieved by the attacker, exposing sensitive information. The attack is performed remotely over the network with low complexity and requires low privileges.

Protection

  • Immediate: Update OpenClaw to version 2026.4.7 or later, which contains a patch for this vulnerability.
  • Mitigation: Limit `memory-wiki` write access to trusted operators only.
  • Hardening: Keep channel and tool allowlists narrow; avoid sharing a single Gateway between mutually untrusted users; disable the affected feature when not in use.
  • General: Use OpenClaw’s `@openclaw/fs-safe` library for secure file operations, which enforces root-bounded reads and writes.

Impact

Successful exploitation allows an attacker to read arbitrary local files on the server, potentially exposing sensitive configuration files, credentials, API keys, or other confidential data. This could lead to privilege escalation, lateral movement, or further compromise of the OpenClaw instance and its underlying infrastructure. The impact is heightened in multi-tenant environments where the Gateway is shared among multiple users.

Sources:

Reported By: github.com
Extra Source Hub:
Undercode
