No public POC found.
| CVE | CVSS | Title |
|---|---|---|
| CVE-2026-53843 | 8.8 HIGH | OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session |
| CVE-2026-53853 | 8.3 HIGH | OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS |
| CVE-2026-53849 | 8.1 HIGH | OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom |
| CVE-2026-53857 | 8.1 HIGH | OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy |
| CVE-2026-53864 | 8.1 HIGH | OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control V |
| CVE-2026-53855 | 8.1 HIGH | OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks |
| CVE-2026-53866 | 8.1 HIGH | OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing |
| CVE-2026-53863 | 7.1 HIGH | OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy |
| CVE-2026-53846 | 7.1 HIGH | OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath |
| CVE-2026-53865 | 7.1 HIGH | OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH |
| CVE-2026-53858 | 7.1 HIGH | OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment |
| CVE-2026-53840 | 7.1 HIGH | OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirect |
| CVE-2026-53842 | 7.1 HIGH | OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment V |
| CVE-2026-53861 | 6.6 MEDIUM | OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS |
| CVE-2026-53854 | 6.5 MEDIUM | OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Int |
| CVE-2026-53844 | 6.5 MEDIUM | OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search |
| CVE-2026-53859 | 6.5 MEDIUM | OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency |
| CVE-2026-53841 | 6.1 MEDIUM | OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session |
| CVE-2026-53856 | 5.5 MEDIUM | OpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw |
| CVE-2026-53850 | 5.5 MEDIUM | OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command |
Showing top 20 of 27 CVEs.