CVE-2026-53865: OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH
OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution: the service PATH that OpenClaw derives from the workspace is allowed to influence which `trash` command is selected. An attacker who controls those workspace-derived environment paths can make a maintenance operation execute a local executable from a location the operator never intended, which amounts to arbitrary command execution as the OpenClaw process.
Metrics
- CVSS v4.0: 7.2
- Severity: HIGH
- Fixed in: 2026.5.2
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a path traversal vulnerability in OpenClaw, a workspace management tool, affecting all versions before 2026.5.2. An attacker with a low-privilege local account can manipulate the workspace-derived environment paths that OpenClaw hands to its maintenance tasks, steering the lookup of the `trash` command to a binary the attacker controls, so that OpenClaw executes it with the privileges of the OpenClaw process. Successful exploitation gives the attacker arbitrary command execution on the host, with high impact to confidentiality and integrity of the affected system. A patched-image rebuild at version 2026.5.2 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-53865 is available across every HarborGuard environment. The CVE is matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle OpenClaw.
HarborGuard is capable of scoring this CVE at CVSS 7.2 (High) and weighting it against each environment's compliance policy to determine urgency. Triage findings can be routed to the appropriate team inbox within each customer organization based on configured ownership rules.
A patched-image rebuild at OpenClaw 2026.5.2 becomes available on HarborGuard for any image found to carry an affected version. For customers who opt into auto-remediation, HarborGuard runs a rebuild, executes a regression test pass, and opens a pull request against affected workloads.
Exploit Conditions
- Network reachability: Not required (AV:L)
The attacker needs an existing shell or process on the host; no network access to the service is required.
- Authentication: Required (PR:L)
Any low-privilege local account is sufficient to carry out the attack; no administrative credentials are needed.
- Victim interaction: Not required (UI:N)
No action from another user or operator is required to trigger the vulnerable code path.
- Attack complexity: Low (AC:L), with attack requirements present (AT:P)
The exploit depends on a prerequisite condition in the target environment being met (AT:P): a maintenance operation must run against a workspace whose derived service PATH the attacker has been able to influence. Once that condition holds, no race condition or memory-layout dependency is involved.
Blast Radius
- The attacker executes arbitrary binaries on the host by placing a malicious executable where the workspace-derived PATH causes OpenClaw to resolve it as the `trash` command during maintenance operations.
- Confidentiality of data accessible to the OpenClaw process is fully compromised (VC:H), including workspace files, configuration, and any secrets in the process environment.
- Integrity of host files and workspace data is fully compromised (VI:H), allowing the attacker to modify, overwrite, or delete persisted data.
- Service availability is not directly impacted (VA:N) according to the CVSS scoring for this vulnerability.
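The following is an added illustration of the bug class behind the synopsis and blast-radius items above; it is not OpenClaw's own code, and the workspace layout, the `env.PATH` settings key, the `TRUSTED_DIRS` list and all function names are assumptions. It builds a constructed fixture in a temporary directory (a genuine `trash` in a system directory and a rogue `trash` dropped into a workspace-controlled directory), shows a vulnerable resolver that honours the workspace-supplied PATH, a hardened resolver that ignores it, and a small triage check that flags PATH entries a workspace tries to inject.

```python
"""Workspace-derived PATH deciding which `trash` runs, and the hardened form.

Added example, not OpenClaw's code. Assumed: a workspace settings mapping with an
"env" -> "PATH" key, and an operator-owned TRUSTED_DIRS allowlist.
"""
import os
import shutil
import stat
import tempfile
from typing import Dict, List, Optional

# Directories an operator actually trusts for maintenance helpers (assumption).
TRUSTED_DIRS = ("/usr/local/bin", "/usr/bin", "/bin")


def _make_executable(directory: str, name: str, body: str) -> str:
    """Write a small shell script and mark it executable (constructed fixture)."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("#!/bin/sh\n" + body + "\n")
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    return path


def build_fixture() -> Dict[str, object]:
    """Constructed scenario: a system bin with the real `trash`, and a workspace whose
    settings prepend its own bin/ (writable by a low-privilege user) to PATH."""
    root = tempfile.mkdtemp(prefix="openclaw-demo-")
    system_bin = os.path.join(root, "system-bin")
    workspace_bin = os.path.join(root, "workspace", "bin")
    os.makedirs(system_bin)
    os.makedirs(workspace_bin)
    real = _make_executable(system_bin, "trash", 'echo "real trash: $*"')
    rogue = _make_executable(workspace_bin, "trash", 'echo "ROGUE trash ran as $(id -un)"')
    # The workspace asks for its own bin/ to be searched first (attacker-controlled).
    settings = {"env": {"PATH": workspace_bin + os.pathsep + system_bin}}
    return {"system_bin": system_bin, "workspace_bin": workspace_bin,
            "real": real, "rogue": rogue, "workspace_settings": settings}


def resolve_trash_vulnerable(workspace_settings: Dict) -> Optional[str]:
    """Vulnerable pattern: the PATH used for the maintenance task comes from the
    workspace, so whoever controls the workspace controls which `trash` is found."""
    service_path = workspace_settings.get("env", {}).get("PATH", os.environ.get("PATH", ""))
    return shutil.which("trash", path=service_path)


def resolve_trash_hardened(workspace_settings: Dict, trusted_dirs=TRUSTED_DIRS) -> Optional[str]:
    """Hardened pattern: the workspace-supplied PATH is never consulted; only an
    operator-controlled list of absolute directories is searched."""
    del workspace_settings  # deliberately unused: workspace input must not steer lookup
    search = os.pathsep.join(d for d in trusted_dirs if os.path.isabs(d))
    return shutil.which("trash", path=search)


def untrusted_path_entries(workspace_settings: Dict, trusted_dirs=TRUSTED_DIRS) -> List[str]:
    """Triage check: PATH entries a workspace tries to inject that are not trusted
    (empty entries, relative entries, or directories outside the allowlist)."""
    raw = workspace_settings.get("env", {}).get("PATH", "")
    flagged = []
    for entry in raw.split(os.pathsep):
        if entry == "" or not os.path.isabs(entry) or os.path.normpath(entry) not in trusted_dirs:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    fx = build_fixture()
    trusted = (fx["system_bin"],)
    print("vulnerable resolves:", resolve_trash_vulnerable(fx["workspace_settings"]))
    print("hardened resolves:  ", resolve_trash_hardened(fx["workspace_settings"], trusted))
    print("flagged entries:    ", untrusted_path_entries(fx["workspace_settings"], trusted))
```

Running the script shows the vulnerable resolver picking the workspace's rogue `trash` while the hardened one returns the system copy; `untrusted_path_entries` is the check a triage workflow can run over workspace settings before any maintenance task is scheduled, and in the fixture it flags exactly the workspace bin directory.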
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-53865 is active across all connected registries and CI pipelines, matching any image layer that includes OpenClaw below 2026.5.2. For environments where a fix is applicable, a rebuilt image at version 2026.5.2 is ready for promotion. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs regression tests, and opens a pull request against affected workloads automatically; the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and triage report are queued for reviewer action. Given that exploitation requires only a low-privilege local account and yields full command execution, prioritizing this update in environments where multiple users share host access is advisable.
Fix available
- OpenClaw / OpenClaw: < 2026.5.2 (from 0), fixed in 2026.5.2
CVSS v4.0 vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N