CVE-2026-53865

Vulnerability

OpenClaw before version 2026.5.2 contains a path traversal vulnerability in maintenance task execution. The workspace-derived environment path can influence trash command selection, allowing an attacker to run unintended local executables from operator-unintended paths during maintenance operations. [1][2]

Exploitation

An attacker with local authenticated access as an operator can manipulate workspace-derived environment paths to cause maintenance tasks to select and execute a malicious trash executable from an unintended location. This requires the affected feature to be enabled and the operator to have the ability to influence workspace configurations. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary local executables from a path the operator did not intend. The practical impact depends on the operator's configuration and whether lower-trust input can reach that path. According to the advisory, it does not change OpenClaw's trusted-operator model. [1]

Mitigation

The first stable patched version is 2026.5.2. As a workaround, keep maintenance flows on trusted workspaces and fixed service paths until patched. Also keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when not needed. [1]