CVE Catalog

CVE-2026-53866

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands.

Risk Assessment

This vulnerability could lead to unauthorized command execution, posing a significant threat to the security of the system and the organization's data.

Recommendation

It is recommended to update OpenClaw to version 2026.5.12 or later to mitigate this vulnerability.

Original NVD description (English source)

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabling shell content execution without intended approval prompts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS