CVE-2026-53826

Sažetak

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context to child models.

Reference

https://github.com/openclaw/openclaw/security/advisories/GHSA-6c4r-g249-wv3c
https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-sandboxed-session-spawn

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

12-06-2026 - 22:16

Objavljeno

12-06-2026 - 22:16