CVE-2026-53854
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
OpenClaw before version 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries.
Risk Assessment
Attackers can exploit this vulnerability by sending commands on affected internal or webchat paths, potentially executing owner-style command behavior outside intended channel scope and bypassing access controls.
Recommendation
It is recommended to update OpenClaw to version 2026.4.25 or later to mitigate this vulnerability and to review and strengthen access controls in the system.
Original NVD description (English source)
OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or webchat paths to execute owner-style command behavior outside intended channel scope, potentially bypassing access controls.

