CVE-2026-53863
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
OpenClaw before version 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers can supply a group ID to the policy resolver, potentially triggering incorrect group-policy decisions for tool invocations.
Risk Assessment
This vulnerability may allow attackers to bypass intended access controls, posing a risk of unauthorized access to resources.
Recommendation
It is recommended to update OpenClaw to version 2026.4.25 or later to mitigate this vulnerability and implement additional validation mechanisms for group IDs.
Original NVD description (English source)
OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls.

