PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53856 OpenClaw CVE debrief

CVE-2026-53856 is a MEDIUM-severity vulnerability in OpenClaw. The software's config recovery feature restores the configuration file with insecure file permissions, so a local attacker on a shared host can read sensitive configuration data from the restored file.

Vendor: OpenClaw
Product: Unknown
CVSS: MEDIUM 5.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-16
Original CVE updated: 2026-06-16
Advisory published: 2026-06-16
Advisory updated: 2026-06-16

Who should care

Users of OpenClaw before version 2026.4.24, especially deployments on shared, multi-user hosts where other local accounts can read files that are not restricted to their owner.

Technical summary

The vulnerability is caused by OpenClaw restoring its configuration file, OpenClaw.json, with overly broad permissions during config recovery (CWE-732, Incorrect Permission Assignment for Critical Resource). Because the restored file is readable by accounts other than the owner, local attackers on the same host can read the sensitive configuration data it contains.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update OpenClaw to version 2026.4.24 or later.
  • Review the permissions on OpenClaw.json, including any copy written by the config recovery feature, and restrict the file to its owning user.
  • Limit access to sensitive configuration data.
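The audit-and-remediate step above, as an added example that is not part of the original advisory and not OpenClaw's own code. It checks whether a config file carries group or other permission bits, strips them in place, and shows how a recovery routine can write a restored file so it is owner-only from the moment it is created. The OpenClaw.json file name comes from the advisory; the sample file contents and the directory layout are constructed for the demonstration, and the script assumes a POSIX filesystem that honours mode bits.

```python
import os
import stat
import tempfile

# Any of these bits lets a non-owner account touch the file (CWE-732 territory).
GROUP_OR_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO


def audit_permissions(path: str) -> dict:
    """Report which non-owner permission bits are set on a config file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "mode": oct(mode),
        "group_readable": bool(mode & stat.S_IRGRP),
        "other_readable": bool(mode & stat.S_IROTH),
        "exposed": bool(mode & GROUP_OR_OTHER_BITS),
    }


def restrict_to_owner(path: str) -> int:
    """Fix an exposed file in place by clearing group/other bits; returns the new mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    new_mode = mode & ~GROUP_OR_OTHER_BITS
    os.chmod(path, new_mode)
    return new_mode


def restore_config_securely(path: str, data: bytes) -> int:
    """Write a restored config so it is never observable with broad permissions.

    Passing 0o600 to os.open makes the file owner-only at creation time (umask can
    only remove bits, never add them). O_CREAT does not change the mode of a file
    that already exists, so fchmod handles the case of overwriting an exposed copy.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:  # fdopen takes ownership of fd and closes it
        os.fchmod(fd, 0o600)
        f.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    """Constructed scenario: a recovery routine left OpenClaw.json world-readable."""
    sample = b'{"apiKey": "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY"}'
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "OpenClaw.json")
        with open(path, "wb") as f:
            f.write(sample)
        os.chmod(path, 0o644)  # the insecure state the advisory describes

        before = audit_permissions(path)
        restrict_to_owner(path)
        after_fix = audit_permissions(path)
        # How the recovery path should have written the file in the first place.
        secure_mode = restore_config_securely(path, sample)
        return {
            "before": before,
            "after_fix": after_fix,
            "secure_mode": oct(secure_mode),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it once against a real deployment by pointing `audit_permissions` at the actual OpenClaw.json path; an `exposed` result of True on a shared host is the condition this CVE describes. The separation between the audit, the in-place fix and the secure write mirrors the three things a defender needs here: detect the exposed file, close the exposure, and make sure the restore path cannot reintroduce it.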

Evidence notes

The CVE-2026-53856 vulnerability was reported by VulnCheck and has a CVSS score of 5.7. It is tracked under CWE-732 (Incorrect Permission Assignment for Critical Resource).

Official resources

CVE-2026-53856 was published on 2026-06-16T19:17:03.047Z and last modified on 2026-06-16T20:42:46.200Z.