CVE-2026-53831— OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist
Possible ATT&CK Techniques 3AI
T1053 · Scheduled Task/Job T1530 · Data from Cloud Storage T1059 · Command and Scripting InterpreterGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53831
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw团队开源的一个智能人工助理。 OpenClaw 2026.5.18之前版本存在安全漏洞,该漏洞源于system.run safe-bin allowlist验证中的策略执行问题,可能导致shell扩展修改POSIX节点上的命令解释。经过身份验证的操作者可以利用批准命令中的shell元字符读取意外的节点本地文件,暴露敏感配置数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-53831
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53831
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-53831 (2)
Same Patch Batch · OpenClaw · 2026-06-12 · 20 CVEs total
| CVE-2026-53838 | 9.8 CRITICAL | OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection |
| CVE-2026-53822 | 8.8 HIGH | OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval an |
| CVE-2026-53836 | 8.8 HIGH | OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases |
| CVE-2026-53821 | 8.8 HIGH | OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket |
| CVE-2026-53828 | 8.8 HIGH | OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement |
| CVE-2026-53823 | 8.1 HIGH | OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom |
| CVE-2026-53829 | 8.0 HIGH | OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display |
| CVE-2026-53833 | 7.7 HIGH | QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command |
| CVE-2026-53832 | 7.7 HIGH | OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration |
| CVE-2026-53834 | 7.5 HIGH | OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands |
| CVE-2026-53820 | 6.6 MEDIUM | OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn |
| CVE-2026-53827 | 6.5 MEDIUM | OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.acti |
| CVE-2026-53825 | 6.5 MEDIUM | OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write |
| CVE-2026-53824 | 6.5 MEDIUM | Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Revocation Lag via Monitor Refres |
| CVE-2026-53830 | 6.5 MEDIUM | OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload |
| CVE-2026-53839 | 6.5 MEDIUM | OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation |
| CVE-2026-53826 | 4.3 MEDIUM | OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn |
| CVE-2026-53835 | 4.3 MEDIUM | OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings |
| CVE-2026-53837 | 3.7 LOW | OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-53866
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Comm - CVE-2026-53865
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Works - CVE-2026-53864
OpenClaw < 2026.5.26 - Insufficient Environment Variable San - CVE-2026-53862
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pa - CVE-2026-53863
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in To
Same vendor: OpenClaw
- CVE-2026-53865
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Works - CVE-2026-53866
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Comm - CVE-2026-53864
OpenClaw < 2026.5.26 - Insufficient Environment Variable San - CVE-2026-53862
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pa - CVE-2026-53863
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in To
Same weakness: CWE-367
- CVE-2026-48983
pam_usb: TOCTOU race condition in pad directory creation all - CVE-2026-6733
undici vulnerable to HTTP response queue poisoning via keep- - CVE-2026-54228
Abrt: toctou race condition in abrt-dbus setelement allows a - CVE-2026-53838
OpenClaw < 2026.5.27 - Node Pairing State Mutation via Recon - CVE-2026-53822
OpenClaw < 2026.5.18 - Command Argument Modification via She
V. Comments for CVE-2026-53831
No comments yet