CVE Catalog

CVE-2026-53819

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

OpenClaw before version 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

Risk Assessment

This vulnerability poses a risk that attackers could exploit a trusted environment to execute malicious code, potentially leading to serious security breaches within the organization.

Recommendation

It is recommended to update OpenClaw to version 2026.5.27 or later and to restrict access to trusted operator workspaces.

Original NVD description (English source)

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS