CVE Catalog

CVE-2026-53826

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context.

Risk Assessment

The disclosure of the real workspace path may lead to further attacks on the system, allowing attackers access to sensitive data and resources. Organizations may be at risk of losing confidentiality of information.

Recommendation

It is recommended to update OpenClaw to version 2026.4.26 or later to mitigate this vulnerability. Additionally, it is advisable to review and restrict access to sandboxed sessions.

Original NVD description (English source)

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context to child models.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS