CVE Catalog

CVE-2026-53850

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

OpenClaw before version 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks.

Risk Assessment

Attackers can exploit this vulnerability to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.

Recommendation

It is recommended to update OpenClaw to version 2026.4.25 or later to mitigate this vulnerability and to implement additional authorization checks for the focus command.

Original NVD description (English source)

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS