CVE-2026-53844 | OpenClaw before 2026.4.29 contains a session visibility chec… | CVSS 6.5 MEDIUM

Description

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.

Metadata

CVE ID: CVE-2026-53844
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-10 21:19 UTC
Published: 2026-06-16 18:04 UTC
Last updated: 2026-06-16 18:39 UTC
Primary CWE: CWE-862
Missing Authorization
Vendor / Product: OpenClaw / OpenClaw
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
OpenClaw	OpenClaw	—	0 < 2026.4.29, 2026.4.29

Weakness (CWE)

CWE	Source	Description
CWE-862	cna	Missing Authorization

CVSS scores (2)

Score	Severity	Version	Source	Vector
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.0	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References (2)

GitHub Security Advisory (GHSA-72fw-cqh5-f324) https://github.com/openclaw/openclaw/security/advisories/GHSA-72fw-cqh5-f324
VulnCheck Advisory: OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search https://www.vulncheck.com/advisories/openclaw-session-visibility-check-bypass-in-shared-memory-search