CVE Catalog

CVE-2026-53854

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

OpenClaw before version 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries.

Risk Assessment

Attackers can exploit this vulnerability by sending commands on affected internal or webchat paths, potentially executing owner-style command behavior outside intended channel scope and bypassing access controls.

Recommendation

It is recommended to update OpenClaw to version 2026.4.25 or later to mitigate this vulnerability and to review and strengthen access controls in the system.

Original NVD description (English source)

OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or webchat paths to execute owner-style command behavior outside intended channel scope, potentially bypassing access controls.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS