
CVE-2026-53865: Openclaw Path Traversal Vulnerability

CVE-2026-53865 is a path traversal vulnerability in Openclaw that enables attackers to execute unintended local executables during maintenance operations. This article covers technical details, affected versions, and mitigation.


CVE-2026-53865 Overview

CVE-2026-53865 is a path traversal vulnerability affecting OpenClaw versions prior to 2026.5.2. The flaw resides in the maintenance task execution logic, where workspace-derived service paths influence trash command selection. Attackers with local, low-privileged access can manipulate workspace-derived environment paths so that maintenance operations execute local binaries from directories the operator never intended. The issue is classified as [CWE-426] Untrusted Search Path and impacts the confidentiality and integrity of the host running the affected component.

Critical Impact

Local attackers can execute arbitrary binaries from attacker-influenced paths during OpenClaw maintenance operations, leading to code execution under the service context.

Affected Products

  • OpenClaw (Node.js distribution) versions prior to 2026.5.2
  • OpenClaw 2026.5.26-beta1
  • OpenClaw 2026.5.26-beta2

Discovery Timeline

  • 2026-06-16 - CVE-2026-53865 published to NVD
  • 2026-06-18 - Last updated in NVD database

Technical Details for CVE-2026-53865

Vulnerability Analysis

The vulnerability stems from how OpenClaw resolves executables invoked by its maintenance task subsystem. When maintenance routines perform trash or cleanup operations, the command lookup depends on environment paths derived from the workspace context rather than a fixed, trusted path. This design lets an attacker who controls workspace-derived environment variables steer the command resolver toward a binary of their choosing.

Because the maintenance subsystem runs with the privileges of the OpenClaw service account, any binary it invokes inherits that context. The attacker does not need to overwrite OpenClaw's own files. Instead, they supply a malicious executable on a path that the workspace-derived environment promotes ahead of legitimate system directories.

Root Cause

The root cause is an untrusted search path condition [CWE-426] in the maintenance task executor. OpenClaw composes the effective PATH (or equivalent lookup order) using values that originate in workspace configuration, which a local user can influence. The trash command is then resolved against that composed path without restricting candidate binaries to a fixed system location or validating the resolved absolute path.
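The following is an added example, not OpenClaw's own code: it contrasts a resolver that honours a PATH string composed from workspace configuration (the pattern the root cause describes) with a hardened resolver that only searches a fixed set of trusted directories and rejects any candidate whose real path escapes them. The directory layout, the `TRUSTED_DIRS` constant and the `trash` stub names are constructed for the demonstration.

```python
"""Added example (not OpenClaw's code): untrusted search path vs. a pinned,
validated lookup. All paths below are created in a temporary directory."""
import os
import tempfile

# Fixed lookup order for the hardened resolver; mirrors the systemd override
# recommended in the Workarounds section. Assumption for this example.
TRUSTED_DIRS = ("/usr/local/sbin", "/usr/local/bin", "/usr/sbin",
                "/usr/bin", "/sbin", "/bin")


def resolve_weak(command, search_path):
    """Resolve like the vulnerable executor: first executable match wins along
    a PATH string that may have been composed from workspace configuration."""
    for directory in search_path.split(os.pathsep):
        candidate = os.path.join(directory, command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return os.path.realpath(candidate)
    return None


def resolve_hardened(command, trusted_dirs=TRUSTED_DIRS):
    """Resolve only inside trusted directories and reject a candidate whose
    real path (after symlinks) lies outside them."""
    if os.sep in command or command in ("", ".", ".."):
        raise ValueError("command must be a bare name, not a path")
    trusted_real = {os.path.realpath(d) for d in trusted_dirs}
    for directory in trusted_dirs:
        candidate = os.path.join(directory, command)
        if not (os.path.isfile(candidate) and os.access(candidate, os.X_OK)):
            continue
        real = os.path.realpath(candidate)
        if os.path.dirname(real) not in trusted_real:
            raise PermissionError(f"{candidate} resolves outside trusted dirs: {real}")
        return real
    raise FileNotFoundError(command)


def demo():
    """Constructed layout: a 'trash' stub in a workspace-writable directory,
    one in a trusted directory, and a symlink in the trusted directory that
    points back into the workspace. Returns what each resolver decides."""
    root = tempfile.mkdtemp(prefix="cve-2026-53865-demo-")
    trusted = os.path.join(root, "trusted-bin")
    workspace = os.path.join(root, "workspace-bin")
    for d in (trusted, workspace):
        os.makedirs(d)
        stub = os.path.join(d, "trash")
        with open(stub, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")  # harmless stub, does nothing
        os.chmod(stub, 0o755)
    # A symlink inside the trusted dir that escapes into the workspace.
    os.symlink(os.path.join(workspace, "trash"), os.path.join(trusted, "rm"))

    # Workspace-derived PATH that promotes the workspace directory first.
    workspace_path = os.pathsep.join([workspace, trusted])
    weak = resolve_weak("trash", workspace_path)
    hardened = resolve_hardened("trash", trusted_dirs=(trusted,))
    try:
        resolve_hardened("rm", trusted_dirs=(trusted,))
        symlink_rejected = False
    except PermissionError:
        symlink_rejected = True
    return {
        "weak_picks_workspace": os.path.dirname(weak) == os.path.realpath(workspace),
        "hardened_picks_trusted": os.path.dirname(hardened) == os.path.realpath(trusted),
        "symlink_rejected": symlink_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The hardened resolver ignores the inherited environment entirely and validates the post-symlink location, which is the property the 2026.5.2 fix restores by dropping workspace-derived paths from command resolution.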

Attack Vector

Exploitation requires local access with low privileges to the system running OpenClaw. The attacker stages a malicious executable with a name matching the trash utility OpenClaw expects, then sets or modifies workspace-derived environment values to prepend the staging directory. When OpenClaw triggers a maintenance task, the resolver selects the attacker's binary. User interaction is not required, and the attack complexity is low, though it depends on the presence of a manipulable workspace context.

For implementation specifics, refer to the OpenClaw GitHub Security Advisory GHSA-rx78-29qr-5hq8 and the VulnCheck Arbitrary Command Execution Advisory.

Detection Methods for CVE-2026-53865

Indicators of Compromise

  • Unexpected executables named after common trash or cleanup utilities (for example rm, trash, gio) placed inside workspace directories or user-writable paths referenced by OpenClaw.
  • Process telemetry showing the OpenClaw service spawning binaries from non-system locations such as user home directories, /tmp, or workspace folders.
  • Workspace configuration changes that prepend writable directories to environment path variables consumed by OpenClaw maintenance tasks.

Detection Strategies

  • Audit process creation events where the parent is the OpenClaw service and the child executable resolves outside of trusted system directories such as /usr/bin, /bin, or /usr/local/bin.
  • Compare the resolved absolute path of trash commands invoked by OpenClaw against an allowlist of expected binaries.
  • Review OpenClaw maintenance task logs for entries that reference command paths originating in workspace-controlled locations.

Monitoring Recommendations

  • Enable file integrity monitoring on directories that OpenClaw reads for workspace configuration, alerting on new executable files.
  • Forward OpenClaw service logs and host process telemetry to a centralized analytics pipeline to correlate maintenance task execution with unusual child processes.
  • Track environment variable changes for the OpenClaw service account, particularly modifications to PATH or workspace-derived equivalents.
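As an added example covering both the Detection Strategies and the Monitoring Recommendations above (not code from OpenClaw or any vendor), the script below scans process-creation telemetry for the three patterns the advisory lists: a child of the OpenClaw service resolving outside trusted system directories, a trash utility resolving to a path not on the allowlist, and a PATH containing untrusted entries. The JSON event format, the field names, the parent process name `openclaw` and the allowlist are assumptions constructed for this example.

```python
"""Added example (not OpenClaw's or any vendor's code): detection logic for
CVE-2026-53865 indicators over constructed process telemetry."""
import json
import posixpath

TRUSTED_DIRS = {"/usr/local/sbin", "/usr/local/bin", "/usr/sbin",
                "/usr/bin", "/sbin", "/bin"}
# Assumed allowlist of trash/cleanup binaries the service is expected to run.
ALLOWED_TRASH_BINARIES = {"/usr/bin/rm", "/usr/bin/trash", "/usr/bin/gio"}
TRASH_NAMES = {"rm", "trash", "gio"}
SERVICE_NAME = "openclaw"  # assumed process name of the OpenClaw service

# Constructed sample telemetry as JSON lines; not real captures.
SAMPLE_EVENTS = "\n".join([
    json.dumps({"ts": "2026-06-16T10:00:01Z", "pid": 4101, "parent": "openclaw",
                "exe": "/usr/bin/rm", "path_env": "/usr/local/bin:/usr/bin:/bin"}),
    json.dumps({"ts": "2026-06-16T10:00:02Z", "pid": 4102, "parent": "openclaw",
                "exe": "/home/dev/workspace/bin/trash",
                "path_env": "/home/dev/workspace/bin:/usr/bin:/bin"}),
    json.dumps({"ts": "2026-06-16T10:00:03Z", "pid": 4103, "parent": "openclaw",
                "exe": "/tmp/stage/gio", "path_env": "/tmp/stage:/usr/bin"}),
    json.dumps({"ts": "2026-06-16T10:00:04Z", "pid": 4104, "parent": "sshd",
                "exe": "/tmp/stage/gio", "path_env": "/tmp/stage:/usr/bin"}),
    json.dumps({"ts": "2026-06-16T10:00:05Z", "pid": 4105, "parent": "openclaw",
                "exe": "/usr/local/bin/gio",
                "path_env": "/usr/local/bin:/usr/bin:/bin"}),
])


def findings_for(event):
    """Return the detection rules one event trips; empty list means clean.
    Events whose parent is not the OpenClaw service are out of scope."""
    reasons = []
    if event.get("parent") != SERVICE_NAME:
        return reasons
    exe = event["exe"]
    # Rule 1: child executable outside trusted system directories.
    if posixpath.dirname(exe) not in TRUSTED_DIRS:
        reasons.append("child executable outside trusted system directories")
    # Rule 2: a trash/cleanup utility name resolved to a non-allowlisted path.
    if posixpath.basename(exe) in TRASH_NAMES and exe not in ALLOWED_TRASH_BINARIES:
        reasons.append("trash utility resolved to non-allowlisted path")
    # Rule 3: PATH seen by the service contains untrusted entries.
    untrusted = [d for d in event.get("path_env", "").split(":")
                 if d and d not in TRUSTED_DIRS]
    if untrusted:
        reasons.append("PATH contains untrusted entries: " + ",".join(untrusted))
    return reasons


def scan(jsonl):
    """Scan JSON-lines telemetry and return one alert per offending event."""
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = findings_for(event)
        if reasons:
            alerts.append({"pid": event["pid"], "exe": event["exe"],
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_EVENTS), indent=2))
```

Rule 2 fires on pid 4105 even though `/usr/local/bin` is a trusted directory, which is the allowlist comparison the Detection Strategies call for: a trusted-looking directory is not by itself proof that the expected binary was run.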

How to Mitigate CVE-2026-53865

Immediate Actions Required

  • Upgrade OpenClaw to version 2026.5.2 or later on all affected hosts.
  • Restrict local access to systems running OpenClaw and enforce least privilege for accounts able to modify workspace configuration.
  • Inventory workspace directories for unexpected executables matching trash or cleanup utility names and remove any that are not vendor-provided.

Patch Information

OpenClaw maintainers released a fixed build in version 2026.5.2. The patch removes reliance on workspace-derived environment paths for resolving maintenance task commands. Patch details and version metadata are published in the OpenClaw GitHub Security Advisory GHSA-rx78-29qr-5hq8.

Workarounds

  • Run the OpenClaw service under a dedicated low-privilege account that cannot write to workspace directories used during maintenance tasks.
  • Override the service environment so that PATH is set to a fixed list of trusted system directories before OpenClaw starts.
  • Disable or schedule maintenance tasks only during controlled maintenance windows where workspace contents are reviewed beforehand.

```ini
# Example systemd override pinning PATH for the OpenClaw service
# /etc/systemd/system/openclaw.service.d/override.conf
# Apply with: systemctl daemon-reload && systemctl restart openclaw
[Service]
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
