PatchSiren cyber security CVE debrief
CVE-2026-53865 OpenClaw CVE debrief
CVE-2026-53865 is a HIGH-severity vulnerability in OpenClaw arising from a path traversal weakness. Rated CVSS 7.2, it allows workspace-derived service paths to influence trash command selection, so that an attacker can cause unintended local executables to run from operator-unintended paths during maintenance operations.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-18
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-18
Who should care
Users of OpenClaw versions before 2026.5.2 are affected and should apply the mitigations below.
Technical summary
The vulnerability is a path traversal issue in OpenClaw's maintenance task execution: environment paths derived from the workspace influence which trash executable is selected, so an attacker who controls those workspace-derived paths can cause an unintended local executable to run.
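The following added example is not OpenClaw's code and does not reproduce its internals; it is a generic, hypothetical illustration of the weakness class the summary describes. The weak resolver honours a search path supplied by the workspace, while the hardened resolver consults only a fixed, operator-controlled allowlist of absolute directories and refuses any candidate located under the workspace. The helper names, directories and the constructed set of "existing executables" (a stand-in for real `os.access` checks so the code runs offline) are all assumptions.

```python
import os
from pathlib import Path
from typing import FrozenSet, Optional

# Hypothetical helper names a maintenance task might look for (assumption).
TRASH_CANDIDATES = ("trash-put", "trash", "gio")

# Operator-controlled directories the hardened resolver is allowed to use (assumption).
TRUSTED_DIRS = (Path("/usr/local/bin"), Path("/usr/bin"), Path("/bin"))


def select_trash_weak(search_path: str, executables: FrozenSet[str]) -> Optional[str]:
    """Weak pattern: take the first match along a search path that the
    workspace itself supplies. Whoever controls the workspace controls
    which executable wins."""
    for directory in search_path.split(os.pathsep):
        if not directory:
            continue
        for name in TRASH_CANDIDATES:
            candidate = str(Path(directory) / name)
            if candidate in executables:
                return candidate
    return None


def select_trash_hardened(workspace: str, executables: FrozenSet[str]) -> Optional[str]:
    """Hardened pattern: ignore workspace-derived paths entirely, search a
    fixed allowlist of absolute directories, and additionally refuse any
    candidate that sits inside the workspace (guards against a misconfigured
    allowlist entry pointing into workspace-controlled territory)."""
    ws = Path(workspace)
    for directory in TRUSTED_DIRS:
        for name in TRASH_CANDIDATES:
            candidate = directory / name
            if ws == candidate or ws in candidate.parents:
                continue  # never run a helper that lives under the workspace
            if str(candidate) in executables:
                return str(candidate)
    return None


# Constructed scenario: a workspace that carries its own "trash" binary and
# prepends its bin directory to the search path, plus the system helper.
WORKSPACE = "/srv/workspaces/demo"
EXECUTABLES = frozenset({
    f"{WORKSPACE}/.bin/trash",   # constructed: workspace-provided executable
    "/usr/bin/trash-put",        # constructed: the operator-intended helper
})
WORKSPACE_SEARCH_PATH = os.pathsep.join([f"{WORKSPACE}/.bin", "/usr/bin", "/bin"])


def demo():
    """Return (weak_choice, hardened_choice) for the constructed scenario."""
    return (
        select_trash_weak(WORKSPACE_SEARCH_PATH, EXECUTABLES),
        select_trash_hardened(WORKSPACE, EXECUTABLES),
    )


if __name__ == "__main__":
    weak, hardened = demo()
    print("weak resolver picked:    ", weak)
    print("hardened resolver picked:", hardened)
```

In a real maintenance task the `executables` set would be replaced by `os.access(path, os.X_OK)` checks; the point of the example is that the hardened resolver's outcome depends only on operator-controlled configuration, never on anything the workspace can supply, which is the property the fix in 2026.5.2 is meant to restore.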
Defensive priority
HIGH
Recommended defensive actions
- Update OpenClaw to version 2026.5.2 or later.
- Restrict access to maintenance operations to trusted users.
- Monitor maintenance operations for suspicious activity.
Evidence notes
The CVE record was published on 2026-06-16T19:17:04.890Z and last modified on 2026-06-16T20:42:46.200Z. The vulnerability was reported by Vulncheck.
Official resources
CVE-2026-53865 was published on 2026-06-16T19:17:04.890Z.