CVE Catalog

CVE-2026-53848

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

OpenClaw before version 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation.

Risk Assessment

This vulnerability may lead to unauthorized operations being executed, posing a serious threat to the integrity of the system and data. Organizations could be exposed to attacks leveraging this vulnerability for unintended actions.

Recommendation

It is recommended to update OpenClaw to version 2026.5.26 or later to mitigate this vulnerability. Additionally, conducting a security audit is advisable to minimize risks associated with unauthorized access.

Original NVD description (English source)

OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to perform unintended operations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS