CVE-2026-53844

MEDIUM

OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search

Title source: cna
STIX 2.1

Description

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-72fw-cqh5-f324)
https://github.com/openclaw/openclaw/security/advisories/GHSA-72fw-cqh5-f324
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search
https://www.vulncheck.com/advisories/openclaw-session-visibility-check-bypass-in-shared-memory-search

Scores

CVSS v3 6.5
EPSS 0.0021
EPSS Percentile 11.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (5)
npm/openclaw 0 - 2026.4.29npm
openclaw/openclaw 2026.4.29 beta1 (4 CPE variants)
OpenClaw/OpenClaw < 2026.4.29
openclaw/openclaw < 2026.4.29
OpenClaw/OpenClaw 2026.4.29
Published Jun 16, 2026
Tracked Since Jun 17, 2026