CVE Catalog

CVE-2026-53855

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile - higher than 19% of all known CVEs

Summary

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters.

Risk Assessment

Attackers can exploit this vulnerability to execute unapproved shell-provided content, potentially leading to serious security breaches in the system.

Recommendation

It is recommended to update OpenClaw to version 2026.4.2 or later to mitigate this vulnerability and strengthen security controls.

Original NVD description (English source)

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to place inline-eval content in shell carriers outside intended allowlist rules, enabling execution of unapproved shell-provided content.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS