CVE-2026-53853— OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS
Possible ATT&CK Techniques 3AI
T1087 · Account Discovery T1610 · Deploy Container T1059 · Command and Scripting InterpreterGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53853
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
保护机制失效
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-53853
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53853
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-53853 (2)
Same Patch Batch · OpenClaw · 2026-06-16 · 27 CVEs total
| CVE-2026-53843 | 8.8 HIGH | OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session |
| CVE-2026-53857 | 8.1 HIGH | OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy |
| CVE-2026-53864 | 8.1 HIGH | OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control V |
| CVE-2026-53855 | 8.1 HIGH | OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks |
| CVE-2026-53849 | 8.1 HIGH | OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom |
| CVE-2026-53866 | 8.1 HIGH | OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing |
| CVE-2026-53858 | 7.1 HIGH | OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment |
| CVE-2026-53865 | 7.1 HIGH | OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH |
| CVE-2026-53840 | 7.1 HIGH | OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirect |
| CVE-2026-53846 | 7.1 HIGH | OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath |
| CVE-2026-53842 | 7.1 HIGH | OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment V |
| CVE-2026-53863 | 7.1 HIGH | OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy |
| CVE-2026-53861 | 6.6 MEDIUM | OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS |
| CVE-2026-53854 | 6.5 MEDIUM | OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Int |
| CVE-2026-53844 | 6.5 MEDIUM | OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search |
| CVE-2026-53859 | 6.5 MEDIUM | OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency |
| CVE-2026-53841 | 6.1 MEDIUM | OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session |
| CVE-2026-53856 | 5.5 MEDIUM | OpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw |
| CVE-2026-53850 | 5.5 MEDIUM | OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command |
| CVE-2026-53852 | 5.4 MEDIUM | OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing |
Showing top 20 of 27 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-53866
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Comm - CVE-2026-53865
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Works - CVE-2026-53864
OpenClaw < 2026.5.26 - Insufficient Environment Variable San - CVE-2026-53862
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pa - CVE-2026-53863
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in To
Same vendor: OpenClaw
- CVE-2026-53865
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Works - CVE-2026-53866
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Comm - CVE-2026-53864
OpenClaw < 2026.5.26 - Insufficient Environment Variable San - CVE-2026-53862
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pa - CVE-2026-53863
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in To
Same weakness: CWE-693
- CVE-2026-44646
LiquidJS: `{% render %}` tag silently bypasses per-render `o - CVE-2025-71322
PickleScan - Unsafe Globals Check Bypass via pty.spawn Funct - CVE-2026-53845
OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via - CVE-2026-12214
Qihoo 360 Total Security Nucleus Engine Monitoring Logic Rpc - CVE-2026-47140
vm2: NodeVM builtin denylist bypass via process and inspecto
V. Comments for CVE-2026-53853
No comments yet