CVE-2026-53844: Missing Session Visibility Authorization Bypass in OpenClaw Shared Memory Search

The Node.js-based application OpenClaw provides a shared memory feature known as memory-wiki. This module allows users to catalog, document, and store session states, configuration templates, and transaction metadata. To prevent cross-tenant data leakage and preserve session boundaries, OpenClaw implements logic to restrict memory access to authorized sessions and their associated owners.

However, the global search mechanism exposed by the memory-wiki API contains an authorization bypass. Although individual fetch actions require rigorous session-matching credentials, the query parser exposed via the search interface does not enforce these boundaries. As a result, the search capability presents an expanded attack surface that exposes indexing keys across all user sessions.

An authenticated attacker with low-privileged access can use the shared search query path to view structured memory records belonging to other sessions. Because these memory structures often store sensitive state data, session-specific access tokens, or environment parameters, unauthorized read access to this repository compromises overall system confidentiality.

The root cause of CVE-2026-53844 is the missing application of authorization controls (specifically the SessionVisibilityGuard middleware) on the search endpoint router. In OpenClaw's design, individual elements retrieved from the shared memory database are protected. However, the router pattern for the global search endpoint accepts and parses query parameters without validating whether the caller's session has permission to access the matching objects.

The search controller interacts directly with the database query engine. If the search query parameters (such as q=* or empty inputs) are supplied by the caller, the system evaluates the query globally. It retrieves all matched index items from the storage engine and returns them directly to the client.

This flaw represents an instance of CWE-862 (Missing Authorization). The system performs authentication via standard session tokens or JSON Web Tokens (JWT) at the router level, but fails to check visibility authorization for individual search records returned. The code lack an intermediate security boundary that ensures search results are filtered to match the executing user's session identifier.

The routing structure prior to version 2026.4.29 defined the /api/memory-wiki/search endpoint using only authentication middleware. Below is an abstract representation of the vulnerable routing code in the routes/memoryWiki.js module:

// VULNERABLE: routes/memoryWiki.js
const express = require('express');
const router = express.Router();
const { searchMemoryWiki } = require('../controllers/memoryWikiController');
const { authenticateUser } = require('../middleware/auth');
 
// The router fails to include the SessionVisibilityGuard middleware
router.get('/search', authenticateUser, searchMemoryWiki);

In the patched version, the development team updated the router definition to enforce validation before invoking the controller. The SessionVisibilityGuard was introduced into the middleware pipeline, forcing the application to filter the query scope or validate the target scope parameter against the user's current session permissions:

// PATCHED: routes/memoryWiki.js
const express = require('express');
const router = express.Router();
const { searchMemoryWiki } = require('../controllers/memoryWikiController');
const { authenticateUser } = require('../middleware/auth');
const { SessionVisibilityGuard } = require('../middleware/visibilityGuard');
 
// The patch adds the SessionVisibilityGuard middleware to enforce access controls
router.get('/search', authenticateUser, SessionVisibilityGuard, searchMemoryWiki);

While this fix is complete for standard routes, security teams must ensure that custom query parameters or supplementary API endpoints referencing the memory-wiki database index also pass through the SessionVisibilityGuard to prevent similar bypass vectors.

To exploit CVE-2026-53844, an attacker requires network access to the target instance and valid, low-privileged credentials. Once authenticated, the attacker initiates a GET request against the /api/memory-wiki/search endpoint.

By supplying wildcards or null query parameters, the attacker forces the system to execute an unrestricted search query. The lack of validation on the backend allows the query parser to retrieve records regardless of their owner or session constraints.

GET /api/memory-wiki/search?q=* HTTP/1.1
Host: target-openclaw-app:port
Authorization: Bearer <attacker_session_token>
Accept: application/json

The server processes the request, matches the wildcard against the memory keys of all active sessions, and responds with an HTTP 200 OK. The JSON payload contains the full text of search entries, exposing data from separate, independent sessions.

The impact of this vulnerability is limited to the confidentiality of records stored within OpenClaw's shared memory architecture. An attacker cannot modify, append, or delete records via this route, resulting in an integrity score of None (I:N) and an availability score of None (A:N).

However, because the memory-wiki feature is utilized for cataloging system states and logging active values, the confidentiality impact is high (C:H). Compromising this repository allows attackers to harvest session IDs, tokens, internal structure configurations, or system logs. This can facilitate subsequent attacks, including credential reuse or session hijacking.

The vulnerability is particularly significant in multi-tenant environments where distinct organizations or business units operate on the same OpenClaw instance under the assumption that their session data remains isolated.

The primary remediation strategy is upgrading the OpenClaw installation to version 2026.4.29 or later. This upgrade modifies the route handler to systematically enforce visibility controls.

In scenarios where immediate patching is not possible, security administrators should deploy Web Application Firewall (WAF) rules to inspect and filter queries targeting the shared search path. Alternatively, access to the search path can be disabled completely by commenting out or removing the route definition within the application source code.

To identify historical exploitation attempts, security operations teams should analyze web server access logs for requests directed to /api/memory-wiki/search that contain wildcard queries or lack specific session parameters.