CVE-2026-53865
Status: Received - Intake
Path Traversal in OpenClaw Before 2026.5.2

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: VulnCheck

Description
OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution: workspace-derived service paths can influence which trash command is selected. By manipulating workspace-derived environment paths, an attacker can cause maintenance operations to execute local executables from paths the operator did not intend.
Meta Information
Published: 2026-06-16
Last Modified: 2026-06-16
Generated: 2026-06-16
AI Q&A: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
1 associated CPE
Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.5.2 (2026.5.2 itself is not affected)
CWE
CWE-426 (Untrusted Search Path): The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Executive Summary

CVE-2026-53865 is a path traversal vulnerability in OpenClaw versions before 2026.5.2 that affects maintenance task execution. It allows attackers to manipulate workspace-derived service paths to influence which trash command is selected. This manipulation can cause unintended local executables from paths not intended by the operator to be executed during maintenance operations.

Essentially, by controlling environment paths derived from the workspace, an attacker can cause the system to run unauthorized commands, potentially leading to arbitrary command execution.

Impact Analysis

This vulnerability can lead to unauthorized execution of local executables from unintended paths during maintenance tasks. An attacker with enough access to shape the workspace-derived paths could therefore execute arbitrary commands in the context of the maintenance task, potentially compromising system integrity.

The impact depends on the operator's configuration and whether lower-trust inputs can influence the workspace-derived paths. While the trusted-operator model of OpenClaw remains intact, exploitation could allow malicious code execution if security boundaries are crossed.

  • Potential unauthorized command execution
  • Compromise of maintenance operations
  • Execution of unintended local executables
Mitigation Strategies

To mitigate the CVE-2026-53865 vulnerability in OpenClaw prior to version 2026.5.2, you should take the following immediate steps:

  • Keep maintenance flows restricted to trusted workspaces to prevent untrusted input from influencing service paths.
  • Use fixed service paths instead of workspace-derived paths to avoid path traversal issues.
  • Narrow channel and tool allowlists to limit which executables and commands can be run during maintenance tasks.
  • Avoid sharing Gateways between untrusted users to reduce the risk of unauthorized path manipulation.
  • Disable the affected maintenance task feature if it is not necessary in your environment.
  • Upgrade OpenClaw to version 2026.5.2 or later, where this vulnerability has been patched.