{"uuid": "7cdea049-7f27-4f10-892a-c0f071b4a2f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53856", "type": "seen", "source": "https://gist.github.com/alon710/ce6be6956edb730f85105a449ccea809", "content": "# CVE-2026-53856: Incorrect Permission Assignment for Critical Resource in OpenClaw Config Recovery\n\n> **CVSS Score:** 5.7\n> **Published:** 2026-06-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-53856\n\n## Summary\nOpenClaw versions before 2026.4.24 contain an insecure file permissions vulnerability in the configuration recovery mechanism. When a local configuration repair is triggered, the recovery path restores the primary configuration file, `openclaw.json`, with overly broad permissions. This enables low-privileged local attackers in multi-user or shared hosting environments to read sensitive system credentials, API tokens, and private assistant configurations.\n\n## TL;DR\nOpenClaw's configuration recovery mechanism recreates `openclaw.json` with overly permissive file system permissions (e.g., 0644 instead of 0600). This allows local, low-privileged users on the same host to read sensitive parameters, including OpenAI and Anthropic API keys.\n\n## Technical Details\n\n- **CWE ID**: CWE-732\n- **Attack Vector**: Local\n- **CVSS v4.0 Score**: 5.7 (Medium)\n- **EPSS Score**: 0.00094\n- **Impact**: High Confidentiality Loss\n- **Exploit Status**: none\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw operating in multi-user or shared hosting environments\n- **OpenClaw**: >= 2026.4.23, < 2026.4.24 (Fixed in: `2026.4.24`)\n\n## Mitigation\n\n- Upgrade OpenClaw to version 2026.4.24 or later to ensure the recovery routine writes the configuration file with secure permissions.\n- Manually modify permissions of the existing `openclaw.json` to restrict read and write access to the owner only.\n- Configure a restrictive system umask (such as 0077) for the user account running the OpenClaw service.\n\n**Remediation Steps:**\n1. Identify the installation path of the OpenClaw configuration file (usually `openclaw.json`).\n2. Apply owner-only permissions to the file using the command: `chmod 600 /path/to/openclaw/openclaw.json`\n3. Verify the permissions are securely set by running: `ls -la /path/to/openclaw/openclaw.json`\n4. Upgrade the application binary to version 2026.4.24 to permanently fix the recovery path logic.\n\n## References\n\n- [GitHub Security Advisory (GHSA-rwp6-7w3q-75fq)](https://github.com/openclaw/openclaw/security/advisories/GHSA-rwp6-7w3q-75fq)\n- [VulnCheck Advisory Detail](https://www.vulncheck.com/advisories/openclaw-insecure-file-permissions-in-config-recovery-via-openclaw-json)\n- [CVE.org Record for CVE-2026-53856](https://www.cve.org/CVERecord?id=CVE-2026-53856)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53856) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T09:41:32.000000Z"}