{"uuid": "c15f6d8d-7938-47b7-9adf-e151208ec49a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53858", "type": "seen", "source": "https://gist.github.com/alon710/b863239f1325d87e011dc1044f290c3c", "content": "# CVE-2026-53858: Local Code Execution via Untrusted Search Path in OpenClaw\n\n> **CVSS Score:** 7.1\n> **Published:** 2026-06-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-53858\n\n## Summary\nOpenClaw versions prior to 2026.5.2 are vulnerable to an untrusted search path flaw (CWE-426) during workspace initialization. When an operator opens a workspace, the application parses the workspace's local `.env` file and uses the unvalidated `STATE_DIRECTORY` variable to resolve and execute bundled runtime dependencies. An attacker who can place or modify that `.env` file can exploit this to achieve local code execution under the security context of the operator.\n\n## TL;DR\nOpenClaw prior to 2026.5.2 loads critical system state paths from untrusted workspace `.env` files, enabling local code execution through dependency path hijacking.\n\n## Technical Details\n\n- **CWE ID**: CWE-426 (Untrusted Search Path)\n- **Attack Vector**: Local (L)\n- **CVSS v3.1 Score**: 7.1 (High)\n- **EPSS Score**: 0.00124 (Percentile: 2.46%)\n- **Impact**: Local Code Execution (LCE)\n- **Exploit Status**: None (No public exploit/PoC available)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw (npm package `openclaw`) running on developer or operator workspaces\n- **openclaw**: < 2026.5.2 (Fixed in: `2026.5.2`)\n\n## Mitigation\n\n- Upgrade OpenClaw to version 2026.5.2 or later\n- Manually inspect and sanitize workspace `.env` files before opening a workspace\n- Disable auto-loading of repository-level environment configurations\n\n**Remediation Steps:**\n1. Identify all active installations of the `openclaw` npm package across development environments.\n2. Update `openclaw` dependencies to version 2026.5.2 via `npm update openclaw`.\n3. Configure static analysis rules to flag any local repository containing `STATE_DIRECTORY` overrides inside `.env` files.\n4. Restrict outbound network access from OpenClaw execution boundaries to prevent payload exfiltration.\n\n## References\n\n- [GitHub Security Advisory GHSA-wc84-j36w-pw4x](https://github.com/openclaw/openclaw/security/advisories/GHSA-wc84-j36w-pw4x)\n- [VulnCheck Security Advisory](https://www.vulncheck.com/advisories/openclaw-arbitrary-runtime-dependency-loading-via-state-directory-environment-variable)\n- [CVE.org Official Record](https://www.cve.org/CVERecord?id=CVE-2026-53858)\n- [NVD Official Record](https://nvd.nist.gov/vuln/detail/CVE-2026-53858)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53858) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T05:42:26.000000Z"}