PT-2026-49773 · Openclaw · Openclaw
Kaze310 · Published 2026-06-16 · Updated 2026-06-16
CVE-2026-53856
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions 2026.4.23 through 2026.4.23
Description
An insecure file permissions issue exists in the config recovery process that restores the OpenClaw.json file with overly broad permissions. Local attackers on shared hosts can exploit the recovery path to read sensitive configuration data from the restored file.
Recommendations
Update to version 2026.4.24.
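The weakness class described above, as an added Node.js example (not OpenClaw's code; the function names, file names and sample token are constructed for illustration): a restore that inherits the umask-derived mode, beside one that writes an owner-only temporary file and renames it over the target.

```javascript
// Added illustration, not OpenClaw source. Function names and paths are hypothetical.
const fs = require("node:fs");
const path = require("node:path");

// Weak pattern: a new file gets 0o666 & ~umask (0o644 under umask 022): world-readable.
function restoreLoose(backupPath, configPath) {
  fs.writeFileSync(configPath, fs.readFileSync(backupPath));
}

// Hardened pattern: private temp file in the same directory, then atomic rename.
function restorePrivate(backupPath, configPath) {
  const tmp = path.join(path.dirname(configPath),
    `.${path.basename(configPath)}.${process.pid}.tmp`);
  // "wx" is O_CREAT|O_EXCL: fail rather than reuse a pre-existing file or symlink.
  const fd = fs.openSync(tmp, "wx", 0o600);
  try {
    fs.fchmodSync(fd, 0o600); // explicit mode, independent of the process umask
    fs.writeFileSync(fd, fs.readFileSync(backupPath));
    fs.fsyncSync(fd);
    fs.renameSync(tmp, configPath); // replaces any loose file; new inode stays 0o600
  } catch (err) {
    fs.rmSync(tmp, { force: true });
    throw err;
  } finally {
    fs.closeSync(fd);
  }
}

// Audit helper: permission bits granted to group and other (0 means owner-only).
function groupOtherBits(filePath) {
  return fs.statSync(filePath).mode & 0o077;
}
// Runs both patterns in a throwaway directory with constructed sample data.
function demo() {
  const prevUmask = process.umask(0o022);
  const dir = fs.mkdtempSync(path.join(require("node:os").tmpdir(), "restore-demo-"));
  try {
    const backup = path.join(dir, "config.bak");
    const target = path.join(dir, "config.json");
    fs.writeFileSync(backup, '{"token":"constructed-sample"}', { mode: 0o600 });
    restoreLoose(backup, target);
    const loose = groupOtherBits(target);
    restorePrivate(backup, target);
    const strict = groupOtherBits(target);
    return { loose, strict, intact: fs.readFileSync(target, "utf8").includes("constructed-sample") };
  } finally {
    process.umask(prevUmask);
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```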
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw