Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVSS 7.1 · CVE-2026-53865 · EXPLOITED · PATCHED
Vendor / product: openclaw / openclaw

OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH

Description

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. By manipulating workspace-derived environment paths, an attacker can cause local executables from paths the operator never intended to be run during maintenance operations.

Affected Products

Vendor    Product    Versions
openclaw  openclaw   npm/openclaw: < 2026.5.2

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-rx78-29qr-5hq8 (vendor advisory)
  • https://www.vulncheck.com/advisories/openclaw-arbitrary-command-execution-via-workspace-derived-service-path (third-party advisory)

Related News (1 article)

Tier C · VulDB · 11d ago
CVE-2026-53865 | OpenClaw up to 2026.5.1 untrusted search path (GHSA-rx78-29qr-5hq8)
→ No new info (linked only)
CVSS 3.1: 7.1 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA KEV: No
Actively exploited: Yes
Patch available: openclaw@2026.5.2
CWE: CWE-426
Published: Jun 16, 2026
Last enriched: 11d ago (v2)
Tags: privilege escalation, code execution, data disclosure, security bypass
Trending Score: 9
Source articles: 1
Independent: 1
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

  • PRE-CVE · EXP — Emerging AI Supply Chain Threat in OpenClaw's Skill Marketplace (Trending: 26)
  • HIGH · CVE-2026-53866 · EXP — OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing (Trending: 9)
  • HIGH · CVE-2026-53853 · EXP — OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS (Trending: 9)
  • HIGH · CVE-2026-53843 · EXP — OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session (Trending: 9)
  • MEDIUM · CVE-2026-53851 — OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass (Trending: 8)

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 16, 2026
Discovered by ZDM: Jun 16, 2026
Updated (affectedVersions, severity, cweIds): Jun 16, 2026
Actively Exploited: Jun 18, 2026
Exploit Available: Jun 18, 2026
Patch Available: Jun 18, 2026

Version History

v2 · Tier C · last enriched 11d ago

Updated affected versions to include 2026.5.1, changed severity to MEDIUM, and noted that no exploit is available.

Fields changed: affectedVersions, severity, cweIds (via VulDB)

v1 · 11d ago

Initial creation