CVE-2026-53856 Overview
CVE-2026-53856 is an insecure file permissions vulnerability in OpenClaw version 2026.4.23, fixed in 2026.4.24. The config recovery routine restores the OpenClaw.json file with overly broad permissions [CWE-732]. Local attackers on shared hosts can read sensitive configuration data by triggering the recovery path and accessing the restored file. The flaw affects the openclaw:openclaw Node.js package and exposes confidential configuration content without requiring elevated privileges.
Critical Impact
Local users on shared systems can read sensitive configuration data, including any credentials or secrets stored in OpenClaw.json, after a recovery event restores the file with permissive access rights.
Affected Products
- OpenClaw 2026.4.23 (Node.js package)
- All OpenClaw releases prior to 2026.4.24
- Shared-host deployments where multiple local users access the same filesystem
Discovery Timeline
- 2026-06-16 - CVE-2026-53856 published to NVD
- 2026-06-18 - Last updated in NVD database
Technical Details for CVE-2026-53856
Vulnerability Analysis
The vulnerability resides in the OpenClaw configuration recovery path that rewrites OpenClaw.json after a failure or restore event. When the recovery routine creates the restored file, it does not apply restrictive file permissions. The resulting file is world-readable on the host filesystem.
On multi-tenant or shared hosts, any local user can read the configuration file once it has been restored. Configuration files of this type frequently contain API keys, database connection strings, tokens, and other sensitive material. The exploitation requires only local shell access and basic filesystem read permissions.
The issue maps to CWE-732: Incorrect Permission Assignment for Critical Resource. It is a confidentiality-only impact with no integrity or availability consequences as scored in the CVSS 4.0 vector. See the VulnCheck Advisory for additional technical context.
Root Cause
The recovery logic writes OpenClaw.json using default process umask behavior rather than explicitly setting restrictive modes such as 0600. The original configuration file may have correct permissions, but the recovery path overwrites this hardening. As a result, the restored file inherits permissions that grant read access to other local users.
Attack Vector
Exploitation requires local access to the host running OpenClaw. An attacker with a normal user account waits for or triggers a configuration recovery event. Once the recovery completes, the attacker reads OpenClaw.json directly from disk using standard tools such as cat, cp, or less. No interaction with the OpenClaw process itself is required.
No verified proof-of-concept code is available for this issue. See the GitHub Security Advisory GHSA-rwp6-7w3q-75fq and the VulnCheck advisory for authoritative technical details on the recovery path behavior.
Detection Methods for CVE-2026-53856
Indicators of Compromise
- Presence of OpenClaw.json with permissions broader than owner-only (i.e. anything beyond 0600)
- Unexpected read access entries in filesystem audit logs targeting OpenClaw.json
- Local user processes opening OpenClaw.json outside the OpenClaw service account
- Configuration recovery events in OpenClaw logs followed by access from non-owner users
Detection Strategies
- Audit filesystem permissions on all OpenClaw.json instances using stat or find -perm sweeps
- Enable Linux audit rules (auditd) on the OpenClaw configuration directory to record open and read syscalls
- Correlate OpenClaw recovery log entries with subsequent file access by non-service accounts
- Compare deployed OpenClaw version against 2026.4.24 to identify vulnerable hosts
Monitoring Recommendations
- Continuously monitor permission state of configuration files in OpenClaw deployments
- Alert on any write to OpenClaw.json that results in group or world-readable modes
- Track local logon and shell activity on hosts running OpenClaw on shared infrastructure
- Forward filesystem audit events to a centralized logging or SIEM platform for correlation
How to Mitigate CVE-2026-53856
Immediate Actions Required
- Upgrade OpenClaw to version 2026.4.24 or later on all affected hosts
- Inventory existing OpenClaw.json files and reset permissions to owner-only (chmod 600)
- Rotate any secrets, tokens, or credentials previously stored in OpenClaw.json
- Restrict shell access on shared hosts running OpenClaw to trusted administrators
Patch Information
The vendor addressed the issue in OpenClaw 2026.4.24. Review the GitHub Security Advisory GHSA-rwp6-7w3q-75fq for the authoritative fix description and version metadata. Package consumers should update through npm or their dependency manager and verify the installed version after upgrade.
Workarounds
- Manually enforce chmod 600 OpenClaw.json after any recovery event until patching is complete
- Run OpenClaw under a dedicated service account on a host without other local users
- Move sensitive values out of OpenClaw.json into an external secrets manager
- Apply a restrictive umask (such as 0077) to the OpenClaw process environment
# Verify and harden OpenClaw configuration file permissions
stat -c '%a %U %G %n' /path/to/OpenClaw.json
chown openclaw:openclaw /path/to/OpenClaw.json
chmod 600 /path/to/OpenClaw.json
# Confirm the patched version is installed
npm ls openclaw | grep -E '2026\.4\.(2[4-9]|[3-9][0-9])'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

