CVE-2026-53826
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context.
Risk Assessment
The disclosure of the real workspace path may lead to further attacks on the system, allowing attackers access to sensitive data and resources. Organizations may be at risk of losing confidentiality of information.
Recommendation
It is recommended to update OpenClaw to version 2026.4.26 or later to mitigate this vulnerability. Additionally, it is advisable to review and restrict access to sandboxed sessions.
Original NVD description (English source)
OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context to child models.

