CVE-2026-53844
Status: Received - Intake
Session Visibility Bypass in OpenClaw

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: VulnCheck

Description
OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.
Meta Information
Published: 2026-06-16
Last Modified: 2026-06-16
Generated: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.4.29 (2026.4.29 itself is not affected)
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

CVE-2026-53844 is a vulnerability in OpenClaw versions before 2026.4.29 where authenticated users can bypass session visibility checks in the shared memory search feature.

This flaw allows attackers to access memory entries that should not be visible to their session by skipping the normal authorization guards on the search path.

Essentially, users who should only see a subset of the data in shared memory can use this issue to view additional memory entries they are not authorized to access.

Impact Analysis

The vulnerability can lead to unauthorized information disclosure by allowing authenticated users to access memory entries outside their authorized session scope.

This means sensitive or restricted data stored in shared memory could be exposed to users who should not have access, potentially compromising confidentiality.

Until patched, operators are advised to restrict shared memory search to trusted users, keep allowlists narrow, avoid sharing gateways between untrusted users, and disable the affected feature if not needed.

Mitigation Strategies

To mitigate the session visibility check bypass vulnerability in OpenClaw, operators should take the following immediate steps:

  • Limit shared memory search access to trusted users only.
  • Keep allowlists narrow to reduce exposure.
  • Avoid sharing a Gateway between untrusted users.
  • Disable the affected shared memory search feature if it is not necessary.

Additionally, apply the available patch by upgrading OpenClaw to version 2026.4.29 or later, where the vulnerability has been fixed.
