CVE-2026-53813
Severity: HIGH
OpenClaw < 2026.4.25 - Arbitrary Artifact Loading via Fake Package Root Resolution
Title source: cnaDescription
OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing malicious code or accessing sensitive data.
References (2)
Core References
Vendor Advisory (vendor-advisory, patch)
GitHub Security Advisory (GHSA-v8cx-933x-r976)
https://github.com/openclaw/openclaw/security/advisories/GHSA-v8cx-933x-r976
Third Party Advisory (third-party-advisory)
https://www.vulncheck.com/advisories/openclaw-arbitrary-artifact-loading-via-fake-package-root-resolution
Scores
CVSS v3
7.8
EPSS
0.0011
EPSS Percentile
1.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-427
Status
published
Products (3)
OpenClaw/OpenClaw: < 2026.4.25
openclaw/openclaw: < 2026.4.25
OpenClaw/OpenClaw: 2026.4.25
Published
Jun 11, 2026
Tracked Since
Jun 12, 2026