OpenClaw, Path Traversal, CVE-2026-53813 (High) -DC-Jul2026-838

Listen to this Post

How CVE-2026-53813 Works

OpenClaw before version 2026.4.25 contains a path traversal vulnerability in its memory-core artifact loading process. The root cause lies in how the application resolves local package roots—the workspace state can influence this resolution path, allowing a malicious actor to point it toward an unintended location.
Specifically, when the affected feature is enabled, the system does not properly validate or sanitize the workspace-derived path used to locate memory-core artifacts. An attacker with access to an affected workspace can craft a fake package root that, when resolved, points outside the intended bundled artifact directory. This causes the application to load memory-core artifacts from an arbitrary local path chosen by the attacker.
Because the loaded artifacts are executed or processed within the context of the OpenClaw instance, this flaw can lead to arbitrary code execution or unauthorized access to sensitive data stored on the host system. The vulnerability is classified as CWE-427: Uncontrolled Search Path Element. The CVSS v4.0 base score is 7.3 (High), with a vector of CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The vulnerability was publicly disclosed on May 28, 2026 and credited to 侯海飞 (@feynman-hou).

DailyCVE Form:

Platform: ……. OpenClaw for Node.js
Version: …….. < 2026.4.25
Vulnerability :…… Path Traversal (CWE-427)
Severity: ……. High (CVSS 7.3)
date: ………. 2026-05-28 (Public Disclosure)

Prediction: ……. 2026-04-25 (Already Patched)

What Undercode Say:

Analytics & Verification

Check your OpenClaw version:

npm list openclaw
or if installed globally
openclaw --version

To verify if your workspace is vulnerable, inspect the package root resolution logic:

Check for unintended package roots in memory-core
find . -name "package.json" -path "/memory-core/" -exec grep -l "root" {} \;

Monitor for suspicious artifact loading attempts:

Look for out-of-bound path access in logs
grep -i "memory-core.load..." /var/log/openclaw/.log

Hardening Check:

List all workspace directories accessible to OpenClaw
ls -la /path/to/openclaw/workspaces/
Verify that only trusted workspaces are present

Exploit:

An attacker with access to a workspace can craft a malicious `package.json` or manipulate workspace state to influence the package root resolution. By setting a fake root path that points to a location containing attacker-controlled artifacts (e.g., /tmp/malicious/), the system will load and execute memory-core artifacts from that unintended location. This can lead to arbitrary code execution or data exfiltration.

Example Attack Scenario:

  1. Attacker gains low-privilege access to an affected workspace.
  2. Attacker creates a fake package root structure pointing to /tmp/evil/.
  3. Attacker places a malicious memory-core artifact in /tmp/evil/.
  4. When OpenClaw resolves the package root, it loads the malicious artifact instead of the intended bundled one.
  5. The malicious artifact executes within the OpenClaw context, compromising the system.

Protection:

  • Upgrade: Update to OpenClaw version 2026.4.25 or later, which contains the official patch.
  • Workspace Trust: Only run memory-core flows from trusted workspaces until patched.
  • Disable Feature: If the affected feature is not required, disable it entirely.
  • Restrict Access: Keep channel and tool allowlists narrow; avoid sharing a single Gateway between mutually untrusted users.
  • Input Validation: As a general hardening measure, sanitize and validate all workspace-derived paths used in artifact resolution.

Impact:

Successful exploitation allows an attacker to load arbitrary memory-core artifacts from unintended local locations. This can result in:
– Arbitrary Code Execution: Malicious artifacts can execute code with the privileges of the OpenClaw process.
– Data Breach: Attackers may access sensitive data stored on the host system.
– System Compromise: Depending on the OpenClaw instance’s permissions, the entire host system could be compromised.
– Confidentiality, Integrity, and Availability Impact: All three security pillars are rated as HIGH per the CVSS v4.0 vector.
The practical impact depends on the operator’s configuration and whether lower-trust input can reach the vulnerable path.

🎯Let’s Practice Exploiting & Learn Patching For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top