CVE-2026-53826
4.3 MEDIUM
OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace ...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS: 4.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-668
Description
OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context to child models.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-47141 — vm2 is an open source vm/sandbox for Node.js
- CVE-2026-48096 — OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)
- CVE-2026-42535 — A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV proper... (9.1 CRITICAL)
- CVE-2025-15653 — Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unau... (6.8 MEDIUM)
- CVE-2026-46430 — Algernon is a small self-contained pure-Go web server (4.3 MEDIUM)