CVE Catalog

CVE-2026-53806

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

22th percentile - higher than 22% of all known CVEs

Summary

OpenClaw before version 2026.5.12 contains a shell option parsing vulnerability that allows bypassing exec revalidation checks. Attackers can exploit this vulnerability to execute unauthorized commands.

Risk Assessment

Organizations may be exposed to unauthorized command execution, potentially leading to serious security breaches.

Recommendation

It is recommended to update OpenClaw to version 2026.5.12 or later to mitigate this vulnerability.

Original NVD description (English source)

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling unauthorized command execution when the affected feature is enabled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS