CVE-2026-53848
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
OpenClaw before version 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation.
Risk Assessment
This vulnerability may lead to unauthorized operations being executed, posing a serious threat to the integrity of the system and data. Organizations could be exposed to attacks leveraging this vulnerability for unintended actions.
Recommendation
It is recommended to update OpenClaw to version 2026.5.26 or later to mitigate this vulnerability. Additionally, conducting a security audit is advisable to minimize risks associated with unauthorized access.
Original NVD description (English source)
OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to perform unintended operations.

