CVE-2026-53826
Received - Intake
Information Disclosure in OpenClaw via Sandboxed Session Spawning

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: VulnCheck

Description
OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context to child models.
Meta Information
Published: 2026-06-12
Last Modified: 2026-06-12
Generated: 2026-06-13
AI Q&A: 2026-06-13
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: to 2026.4.26 (exc)
CWE
CWE-668: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.4.26 and involves an information disclosure issue during sandboxed session spawning. Specifically, when a child session is spawned from a sandboxed parent session, the real workspace path of the host is exposed to the child prompt. Attackers can exploit this behavior to reveal the host's workspace location or related memory context to child models.

Impact Analysis

The impact of this vulnerability is primarily information disclosure. An attacker with the ability to spawn child sessions from sandboxed parents can gain knowledge of the real workspace path on the host system. This exposure could potentially aid attackers in further attacks by revealing sensitive environment details or memory context, although it does not directly affect integrity or availability.
