Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-53826
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-12 Jun, 2026 | 21:56
Updated At-12 Jun, 2026 | 21:56
Rejected At-
▼CVE Numbering Authority (CNA)
OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context to child models.

Affected Products
Vendor
OpenClawOpenClaw
Product
OpenClaw
Repo
https://github.com/openclaw/openclaw
Default Status
unaffected
Versions
Affected
  • From 0 before 2026.4.26 (semver)
Unaffected
  • 2026.4.26 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-668Exposure of Resource to Wrong Sphere
Type: CWE
CWE ID: CWE-668
Description: Exposure of Resource to Wrong Sphere
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Anshuman Bhartiya (@anshumanbh)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/openclaw/openclaw/security/advisories/GHSA-6c4r-g249-wv3c
vendor-advisory
https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-sandboxed-session-spawn
third-party-advisory
Hyperlink: https://github.com/openclaw/openclaw/security/advisories/GHSA-6c4r-g249-wv3c
Resource:
vendor-advisory
Hyperlink: https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-sandboxed-session-spawn
Resource:
third-party-advisory
Details not found