CVE-2026-53844
Awaiting Analysis Awaiting Analysis - Queue

Session Visibility Bypass in OpenClaw

Vulnerability report for CVE-2026-53844, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: VulnCheck

Description

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-07
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.29 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-53844 is a vulnerability in OpenClaw versions before 2026.4.29 where authenticated users can bypass session visibility checks in the shared memory search feature.

This flaw allows attackers to access memory entries that should be restricted to their session by skipping the normal authorization guards.

Essentially, users who should only see certain data in shared memory can exploit this issue to view additional memory entries they are not authorized to access.

Impact Analysis

The vulnerability can lead to unauthorized information disclosure by allowing authenticated users to access memory entries outside their authorized session scope.

This means sensitive or restricted data stored in shared memory could be exposed to users who should not have access, potentially compromising confidentiality.

Until patched, operators are advised to restrict shared memory search to trusted users, keep allowlists narrow, avoid sharing gateways between untrusted users, and disable the affected feature if not needed.

Mitigation Strategies

To mitigate the session visibility check bypass vulnerability in OpenClaw, operators should take the following immediate steps:

  • Limit shared memory search access to trusted users only.
  • Keep allowlists narrow to reduce exposure.
  • Avoid sharing a Gateway between untrusted users.
  • Disable the affected shared memory search feature if it is not necessary.

Additionally, apply the available patch by upgrading OpenClaw to version 2026.4.29 or later, where the vulnerability has been fixed.

Compliance Impact

The vulnerability allows authenticated users to bypass session visibility checks and access memory entries that should be restricted, leading to unauthorized information disclosure.

Such unauthorized access and potential information disclosure could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data.

Operators are advised to apply patches, limit shared memory search to trusted users, and disable affected features when unnecessary to mitigate risks and help maintain compliance.

Detection Guidance

There is no specific detection method or commands provided in the available resources for identifying this vulnerability on your network or system.

However, operators are advised to check the OpenClaw version in use and ensure it is updated to 2026.4.29 or later, as earlier versions are vulnerable.

Additionally, limiting shared memory search access to trusted users, narrowing allowlists, avoiding sharing a Gateway between untrusted users, and disabling the affected feature when unnecessary are recommended mitigation steps.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53844. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart