CVE-2026-53856

Vulnerability

OpenClaw versions before 2026.4.24 contain an insecure file permissions vulnerability (CWE-732) in the config recovery feature. When configuration repair triggers the recovery path, the restored OpenClaw.json file is written with overly broad permissions, making it readable by other local users on the same host [1][2]. The affected feature is the config recovery mechanism, which is reachable when the operator initiates a configuration repair.

Exploitation

An attacker with local access to a shared host and low privileges (PR:L) can exploit this vulnerability. The attack vector is local (AV:L), requires no user interaction (UI:N), and has low attack complexity (AC:L). The attacker must wait for or trigger a config recovery event (e.g., via a repair operation). Once the recovery completes, the attacker can read the restored OpenClaw.json file due to its overly permissive file permissions [1][2].

Impact

Successful exploitation results in the disclosure of sensitive configuration data stored in OpenClaw.json. The confidentiality impact is high, while integrity and availability are not affected. The attacker gains read access to configuration details but does not achieve privilege escalation; the compromise is limited to information disclosure within the scope of the local host [1][2].

Mitigation

The vulnerability is fixed in OpenClaw version 2026.4.24 [1]. As a workaround, operators on shared hosts should manually check and correct the permissions of OpenClaw.json after any config recovery operation. Additional hardening measures include disabling the config recovery feature when not needed, keeping channel and tool allowlists narrow, and avoiding sharing a single Gateway instance between mutually untrusted users [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.