PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53813 OpenClaw CVE debrief

CVE-2026-53813 is a HIGH-severity path traversal vulnerability in OpenClaw. It exists in the memory-core artifact loading process, where an attacker with access to an affected workspace can cause artifacts to be loaded from unintended local locations. This could potentially allow the execution of malicious code or access to sensitive data.

Vendor: OpenClaw
Product: Unknown
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-11
Original CVE updated: 2026-06-12
Advisory published: 2026-06-11
Advisory updated: 2026-06-12

Who should care

Users of OpenClaw, especially those with workspaces that may be accessible to untrusted parties, should be aware of this vulnerability. Developers and administrators responsible for maintaining OpenClaw installations should prioritize patching to prevent exploitation.

Technical summary

CVE-2026-53813 affects OpenClaw versions prior to 2026.4.25. It is a path traversal issue (CWE-427) in which an attacker can influence local package root resolution through workspace state. This could enable the loading of memory-core artifacts from arbitrary locations on the system.
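The check below is an added illustration of this class of flaw, not OpenClaw's code or its patch. It assumes a hypothetical `package_root` key in workspace state and a constructed directory layout, and contrasts a resolver that trusts the workspace value with one that confines it to a trusted install root.

```python
import tempfile
from pathlib import Path


def resolve_root_unchecked(workspace_state, default_root):
    # Risky pattern: the workspace-supplied value becomes the package root as-is.
    return Path(workspace_state.get("package_root", default_root))


def resolve_root_checked(workspace_state, trusted_root):
    # Hardened pattern: the value must stay inside trusted_root once ".." and symlinks are resolved.
    trusted = Path(trusted_root).resolve(strict=True)
    requested = workspace_state.get("package_root", ".")
    # An absolute value replaces the base in the join and is caught by the check below.
    resolved = (trusted / requested).resolve(strict=True)
    if resolved != trusted and trusted not in resolved.parents:
        raise PermissionError(f"package root escapes trusted root: {resolved}")
    return resolved


def demo():
    # Constructed layout; every name here is hypothetical.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        install = base / "install"
        (install / "memory-core").mkdir(parents=True)
        outside = base / "workspace" / "artifacts"
        outside.mkdir(parents=True)
        (install / "link").symlink_to(outside, target_is_directory=True)
        cases = {
            "default": {},
            "subdir": {"package_root": "memory-core"},
            "dotdot": {"package_root": "../workspace/artifacts"},
            "absolute": {"package_root": str(outside)},
            "symlink": {"package_root": "link"},
        }
        results = {}
        for name, state in cases.items():
            try:
                resolve_root_checked(state, install)
                results[name] = "accepted"
            except PermissionError:
                results[name] = "rejected"
        # The unchecked resolver hands back the outside directory unchanged.
        results["unchecked_outside"] = resolve_root_unchecked(cases["absolute"], install) == outside
        return results


if __name__ == "__main__":
    print(demo())
```

Comparing resolved paths rather than raw strings is what catches the symlink case, which a prefix check on the unresolved value would let through.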

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade OpenClaw to version 2026.4.25 or later to patch the vulnerability.
  • Restrict access to workspaces to only trusted users and ensure proper configuration to minimize exposure.
  • Monitor OpenClaw installations for any suspicious activity that could indicate attempted exploitation.

Evidence notes

The CVE-2026-53813 vulnerability has been analyzed and verified by official sources, including the National Vulnerability Database (NVD).

Official resources

CVE-2026-53813 was published on 2026-06-11T21:16:23.440Z and modified on 2026-06-12T19:25:15.053Z.