CVE Catalog

CVE-2026-53861

MediumCVSS 6.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

OpenClaw before version 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check, potentially allowing unauthorized command execution depending on operator configuration.

Risk Assessment

This vulnerability poses a risk of unauthorized command execution, which could lead to serious security breaches in systems using OpenClaw. Organizations should be aware of potential threats related to improper operator configurations.

Recommendation

It is recommended to update OpenClaw to version 2026.5.6 or later to mitigate this vulnerability. Additionally, conducting an audit of operator configurations is advisable to minimize the risk of unauthorized access.

Original NVD description (English source)

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator configuration.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS