Product
A high-severity vulnerability, CVE-2026-53813, in npm/openclaw versions <= 2026.4.24 allows fake package roots to influence memory-core artifact loading, potentially leading to the selection and execution of unintended local artifacts based on attacker-controlled or lower-trust input reaching the affected path.