CVE-2026-53850
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
OpenClaw before version 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks.
Risk Assessment
Attackers can exploit this vulnerability to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.
Recommendation
It is recommended to update OpenClaw to version 2026.4.25 or later to mitigate this vulnerability and to implement additional authorization checks for the focus command.
Original NVD description (English source)
OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.

