CVE-2026-53866
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands.
Risk Assessment
This vulnerability could lead to unauthorized command execution, posing a significant threat to the security of the system and the organization's data.
Recommendation
It is recommended to update OpenClaw to version 2026.5.12 or later to mitigate this vulnerability.
Original NVD description (English source)
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabling shell content execution without intended approval prompts.

