CVE Catalog

CVE-2026-53814

HighCVSS 8.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile - higher than 13% of all known CVEs

Summary

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agents incorrectly receive owner-scoped MCP loopback authority. Attackers with a valid hook token can exploit the /hooks/agent endpoint to access owner-only MCP tools.

Risk Assessment

This vulnerability could allow attackers to perform privileged actions, such as persistent cron state modifications, posing a serious security threat to the system.

Recommendation

It is recommended to update OpenClaw to version 2026.5.20 or later to mitigate this vulnerability and to monitor access to the /hooks/agent endpoint.

Original NVD description (English source)

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS