CVE-2026-53844
MEDIUMOpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search
Title source: cnaDescription
OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-72fw-cqh5-f324)
https://github.com/openclaw/openclaw/security/advisories/GHSA-72fw-cqh5-f324
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search
https://www.vulncheck.com/advisories/openclaw-session-visibility-check-bypass-in-shared-memory-search
Scores
CVSS v3
6.5
EPSS
0.0021
EPSS Percentile
11.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (5)
npm/openclaw
0 - 2026.4.29npm
openclaw/openclaw
2026.4.29 beta1 (4 CPE variants)
OpenClaw/OpenClaw
< 2026.4.29
openclaw/openclaw
< 2026.4.29
OpenClaw/OpenClaw
2026.4.29
Published
Jun 16, 2026
Tracked Since
Jun 17, 2026