CVE Catalog

CVE-2026-53845

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

OpenClaw before version 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy enforcement mechanisms.

Risk Assessment

Organizations may be exposed to unauthorized actions that bypass security controls, potentially leading to data breaches or non-compliance with security policies.

Recommendation

It is recommended to update OpenClaw to version 2026.5.6 or later to mitigate this vulnerability and review existing auditing and policy enforcement mechanisms.

Original NVD description (English source)

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy enforcement mechanisms.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS