CVE Catalog

CVE-2026-53844

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search. This allows authenticated callers to access memory entries without proper authorization.

Risk Assessment

Attackers can skip session visibility guards, leading to unauthorized access to data that should be hidden. This may result in the exposure of sensitive information.

Recommendation

It is recommended to update OpenClaw to version 2026.4.29 or later to mitigate this vulnerability. A user permission audit should also be conducted.

Original NVD description (English source)

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS