CVE Catalog

CVE-2026-53863

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

OpenClaw before version 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers can supply a group ID to the policy resolver, potentially triggering incorrect group-policy decisions for tool invocations.

Risk Assessment

This vulnerability may allow attackers to bypass intended access controls, posing a risk of unauthorized access to resources.

Recommendation

It is recommended to update OpenClaw to version 2026.4.25 or later to mitigate this vulnerability and implement additional validation mechanisms for group IDs.

Original NVD description (English source)

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS