Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVE-2026-53853 · score 7.1 · EXPLOITED · PATCHED
Vendor / product: openclaw · openclaw

OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS

Description

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to run allowlisted executables with arguments the allowlist disallows on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by invoking an allowlisted executable directly with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.

Affected Products

Vendor     Product     Versions
openclaw   openclaw    npm/openclaw: < 2026.5.12

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-v2ww-5rh7-2h5v (vendor-advisory)
  • https://www.vulncheck.com/advisories/openclaw-argument-pattern-bypass-in-exec-allowlist-via-linux-and-macos (third-party-advisory)

Related News (1 article)

  • Tier C · VulDB · 11d ago
    CVE-2026-53853 | OpenClaw up to 2026.5.11 on Linux protection mechanism (GHSA-v2ww-5rh7-2h5v)
    → No new info (linked only)
CVSS 3.1: 7.1 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CISA KEV: No
Actively exploited: Yes
Patch available: openclaw@2026.5.12
CWE: CWE-693, CWE-863
Published: Jun 16, 2026
Last enriched: 11d ago (v2)
Trending Score: 9
Source articles: 1
Independent: 1
Info Completeness: 8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • PRE-CVE · EXP: Emerging AI Supply Chain Threat in OpenClaw's Skill Marketplace (Trending: 26)
  • CVE-2026-53866 · HIGH · EXP: OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing (Trending: 9)
  • CVE-2026-53865 · HIGH · EXP: OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH (Trending: 9)
  • CVE-2026-53843 · HIGH · EXP: OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session (Trending: 9)
  • CVE-2026-53851 · MEDIUM: OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass (Trending: 8)

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Jun 16, 2026: CVE Published
  • Jun 16, 2026: Discovered by ZDM
  • Jun 16, 2026: Updated: severity, affectedVersions, activelyExploited
  • Jun 18, 2026: Actively Exploited
  • Jun 18, 2026: Patch Available

Version History

v2 · Tier C · 11d ago · via VulDB
Updated severity to CRITICAL, added affected version 2026.5.11, and marked the vulnerability as actively exploited.
Fields changed: severity, affectedVersions, activelyExploited

v1 · 11d ago
Initial creation