Path Traversal Vulnerability in OpenClaw by OpenClaw
CVE-2026-53865

7.2HIGH

Key Information:

Vendor: Openclaw
Status: Openclaw
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-53865?

OpenClaw versions prior to 2026.5.2 are susceptible to a path traversal vulnerability. This security flaw arises during maintenance task execution, allowing workspace-derived service paths to manipulate command selection in the trash functionality. As a consequence, attackers may exploit this vulnerability to execute unauthorized local executables from paths that were not intended to be used by the operator, posing a significant threat during maintenance operations.

Affected Version(s)

OpenClaw 0 < 2026.5.2

OpenClaw 2026.5.2

References

https://github.com/openclaw/openclaw/security/advisories/...

vendor-advisory

https://www.vulncheck.com/advisories/openclaw-arbitrary-c...

third-party-advisory

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 10, 2026

CVE-2026-53865 Data

JSON

Openclaw

What is CVE-2026-53865?

Affected Version(s)

References

CVSS V4

Timeline