CVE-2026-53844
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search. This allows authenticated callers to access memory entries without proper authorization.
Risk Assessment
Attackers can skip session visibility guards, leading to unauthorized access to data that should be hidden. This may result in the exposure of sensitive information.
Recommendation
It is recommended to update OpenClaw to version 2026.4.29 or later to mitigate this vulnerability. A user permission audit should also be conducted.
Original NVD description (English source)
OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.

