CVE Catalog

CVE-2026-53808

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

10th percentile — higher than 10% of all known CVEs

Summary

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow. This allows attackers to exploit agent tool calls to set apply: true despite approvalPolicy: pending configuration.

Risk Assessment

Attackers can exploit this vulnerability to apply workshop changes before the expected approval step, potentially modifying configurations without proper authorization.

Recommendation

It is recommended to update OpenClaw to version 2026.5.6 or later to mitigate this vulnerability. Additionally, conduct an audit of the approval policy and monitor for any unauthorized changes.

Original NVD description (English source)

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before the expected approval step, potentially modifying configurations without proper authorization.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS