Session Visibility Check Bypass in OpenClaw by OpenClaw Vendor
CVE-2026-53844

6MEDIUM

Key Information:

Vendor: Openclaw
Status: Openclaw
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-53844?

OpenClaw, prior to version 2026.4.29, has a vulnerability that allows authenticated users to bypass session visibility checks during shared memory searches. This weakness enables attackers to gain unauthorized access to memory entries that should be restricted based on session permissions. By circumventing the session visibility guards along the search path, malicious actors can retrieve sensitive information and potentially exploit this flaw for further attacks.

Affected Version(s)

OpenClaw 0 < 2026.4.29

OpenClaw 2026.4.29

References

https://github.com/openclaw/openclaw/security/advisories/...

vendor-advisory

https://www.vulncheck.com/advisories/openclaw-session-vis...

third-party-advisory

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

zsx (@zsxsoft)

KeenSecurityLab

qclawer

CVE-2026-53844 Data

JSON

Openclaw

What is CVE-2026-53844?

Affected Version(s)

References

CVSS V4

Timeline

Credit