CVE-2026-53813 (HIGH) | CNA: VulnCheck

CVE-2026-53813: OpenClaw < 2026.4.25 - Arbitrary Artifact Loading via Fake Package Root Resolution

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing malicious code or accessing sensitive data.

Metrics

CVSS v4.0
7.3
Severity
HIGH
Fixed in
2026.4.25
Affected Products
1


HarborGuard Analysis

Synopsis

A path traversal vulnerability in OpenClaw before version 2026.4.25 allows an attacker with local workspace access to manipulate how the application resolves package roots during memory-core artifact loading. By corrupting or controlling workspace state, the attacker can redirect artifact loading to unintended local filesystem locations. Successful exploitation enables arbitrary code execution and access to sensitive data on the host. A patched-image rebuild at version 2026.4.25 is available on HarborGuard for environments running an affected version.
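The defect class described above is a package root derived from attacker-influenced workspace state without confirming that the resolved location stays inside a trusted directory. The following is an added, illustrative hardening check (not OpenClaw's code; its paths, function names and the workspace layout are constructed for the example) showing how a resolver can canonicalize a candidate root and reject `..` traversal, symlink escapes and sibling-prefix tricks before any artifact is loaded:

```python
import os
import tempfile


def resolve_package_root(candidate: str, trusted_roots: list[str]) -> str:
    """Return the canonical path of `candidate` if it lies inside one of the
    trusted roots; raise ValueError otherwise. Canonicalization (realpath)
    collapses '..' and follows symlinks, so the containment check is made on
    the location the loader would actually read from."""
    real = os.path.realpath(candidate)
    for root in trusted_roots:
        real_root = os.path.realpath(root)
        # commonpath (not str.startswith) rejects '/opt/pkgs-evil' vs '/opt/pkgs'
        if os.path.commonpath([real, real_root]) == real_root:
            return real
    raise ValueError(f"package root {candidate!r} resolves outside trusted roots")


def demo() -> dict:
    """Constructed scenario: a workspace-controlled hint tries to point the
    artifact loader at a workspace-writable directory in four different ways."""
    base = tempfile.mkdtemp()
    trusted = os.path.join(base, "opt", "pkgs")          # hypothetical install root
    workspace = os.path.join(base, "workspace")          # hypothetical writable state dir
    os.makedirs(os.path.join(trusted, "memory-core"))
    os.makedirs(os.path.join(workspace, "scratch"))
    # A symlink planted inside the trusted tree that escapes to the workspace.
    os.symlink(os.path.join(workspace, "scratch"), os.path.join(trusted, "linked"))
    candidates = {
        "legit": os.path.join(trusted, "memory-core"),
        "traversal": os.path.join(trusted, "..", "..", "workspace", "scratch"),
        "symlink": os.path.join(trusted, "linked"),
        "prefix": trusted + "-evil",
    }
    results = {}
    for label, cand in candidates.items():
        try:
            resolve_package_root(cand, [trusted])
            results[label] = "accepted"
        except ValueError:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Only the in-tree candidate is accepted; the traversal, symlink and prefix variants all resolve outside the trusted root and are refused.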

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle OpenClaw. Any image carrying a version of OpenClaw below 2026.4.25 is flagged automatically.

Triage: Available

HarborGuard scores this CVE at 7.3 HIGH using the CVSS v4.0 vector and can weight that score against each customer environment's compliance policy to elevate or suppress routing priority as appropriate. Findings are routed to the configured inbox or ticketing integration for the affected team within each customer organization.

Patch: Available

A patched-image rebuild at OpenClaw 2026.4.25 becomes available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard will perform the rebuild, run a regression test suite against the new image, and open a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network-facing attack surface is involved.

  • Authentication: Required

    A low-privilege local account is sufficient; the attacker must have authenticated access to the affected workspace.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker manipulates workspace state directly without requiring another user to take any action.

  • Attack complexity: Low (see detail)

    Although the base exploit conditions are straightforward, the CVSS v4.0 vector carries AT:P (Attack Requirements: Present), meaning a specific target configuration is required: the vulnerable workspace state must already exist or be inducible by the attacker.

Blast Radius

  • The attacker can load and execute arbitrary code from attacker-controlled local filesystem paths, achieving code execution within the OpenClaw process.
  • The attacker can read sensitive files accessible to the OpenClaw process, including secrets, credentials, or application data stored on the host.
  • The attacker can overwrite or corrupt persisted artifacts and data that OpenClaw manages, disrupting application integrity.
  • Confidentiality, integrity, and availability of the local system context are all fully compromised according to the CVSS v4.0 VC:H/VI:H/VA:H ratings.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any scanned image carrying OpenClaw below 2026.4.25, including custom-built images. Where a customer's compliance policy permits auto-remediation, HarborGuard rebuilds the image at version 2026.4.25, runs a regression test pass, and opens a pull request against affected workloads; for high-severity issues, median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. For environments where auto-remediation is not enabled, the finding is surfaced as a prioritized alert for manual action. As a compensating control while an upgrade is being scheduled, customers can apply workspace-level access controls to restrict which local accounts can write to OpenClaw workspace state directories, limiting the attacker's ability to influence package root resolution.


Fix available: 2026.4.25

Affected packages
  • OpenClaw / OpenClaw: < 2026.4.25 (from 0); fixed in 2026.4.25

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N