CVE-2026-53853
HighCVSS 8.3Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
OpenClaw before version 2026.5.12 contains a vulnerability that allows bypassing argument pattern validation in the exec allowlist. Attackers can invoke allowlisted executables with unrestricted arguments, potentially leading to unauthorized file access, network access, or command execution.
Risk Assessment
This vulnerability poses a risk of unauthorized access to Linux and macOS systems, which could lead to serious security breaches within the organization.
Recommendation
It is recommended to update OpenClaw to version 2026.5.12 or later to mitigate this vulnerability and review the configuration of the exec allowlist.
Original NVD description (English source)
OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.

