CVE-2026-53816
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
OpenClaw before version 2026.5.18 contains a provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway.
Risk Assessment
This vulnerability may lead to unauthorized access to capabilities that should not be available to the reduced node surface, posing a serious security threat to the system.
Recommendation
It is recommended to update OpenClaw to version 2026.5.18 or later to mitigate this vulnerability and to monitor node communication for potential attacks.
Original NVD description (English source)
OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering target sessions into exec-event paths that expose capabilities the reduced node surface should not provide.

