Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVSS 8.1 · CVE-2026-53866 · EXPLOITED · PATCHED
Vendor: OpenClaw · Product: OpenClaw

OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing

Description

OpenClaw before 2026.5.12 contains an allowlist bypass in its shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could be routed through a parser case that lacked the expected allowlist decision, so the shell content was executed without the intended approval prompts.

Affected Products

Vendor: OpenClaw
Product: OpenClaw
Versions: npm/openclaw: <= 2026.5.10-beta.1

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-f397-5vjw-v2c2 (vendor advisory)
  • https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-in-shell-inline-command-parsing (third-party advisory)

Related News (1 article)

Tier C · VulDB · 11d ago
CVE-2026-53866 | OpenClaw up to 2026.5.11 authorization (GHSA-f397-5vjw-v2c2)
→ No new info (linked only)
CVSS 3.1: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: openclaw@2026.5.12
CWE: CWE-184
Published: Jun 16, 2026
Last enriched: 11d ago (v2)
Tags: privilege escalation, code execution, data disclosure, security bypass
Trending Score: 9
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

  • PRE-CVE · EXP: Emerging AI Supply Chain Threat in OpenClaw's Skill Marketplace (Trending: 26)
  • HIGH · CVE-2026-53865 · EXP: OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH (Trending: 9)
  • HIGH · CVE-2026-53853 · EXP: OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS (Trending: 9)
  • HIGH · CVE-2026-53843 · EXP: OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session (Trending: 9)
  • MEDIUM · CVE-2026-53851: OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass (Trending: 8)


Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Jun 16, 2026
Discovered by ZDM: Jun 16, 2026
Updated (vendor, product, affectedVersions, patchAvailable): Jun 16, 2026
Actively Exploited: Jun 18, 2026
Exploit Available: Jun 18, 2026
Patch Available: Jun 18, 2026

Version History

v2 · Tier C · 11d ago (last enriched 11d ago)

Updated vendor and product information, changed severity to CRITICAL, and added affected version 2026.5.11 with a patch available at 2026.5.12.

Fields changed: vendor, product, affectedVersions, patchAvailable
via VulDB

v1 · 11d ago

Initial creation