Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-53865— OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH

CVSS 7.1 · High EPSS 0.12% · P2

Affected Version Matrix 2

VendorProductVersion RangeStatus
OpenClawOpenClaw< 2026.5.2affected
2026.5.2unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53865

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by manipulating workspace-derived environment paths.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可信的搜索路径
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OpenClawOpenClaw 0 ~ 2026.5.2 -

II. Public POCs for CVE-2026-53865

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53865

登录查看更多情报信息。

Vendor Advisories for CVE-2026-53865 (2)

Same Patch Batch · OpenClaw · 2026-06-16 · 27 CVEs total

CVE-2026-538438.8 HIGHOpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session
CVE-2026-538538.3 HIGHOpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS
CVE-2026-538578.1 HIGHOpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy
CVE-2026-538648.1 HIGHOpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control V
CVE-2026-538558.1 HIGHOpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks
CVE-2026-538498.1 HIGHOpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom
CVE-2026-538668.1 HIGHOpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing
CVE-2026-538587.1 HIGHOpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment
CVE-2026-538407.1 HIGHOpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirect
CVE-2026-538467.1 HIGHOpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath
CVE-2026-538427.1 HIGHOpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment V
CVE-2026-538637.1 HIGHOpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy
CVE-2026-538616.6 MEDIUMOpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS
CVE-2026-538546.5 MEDIUMOpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Int
CVE-2026-538446.5 MEDIUMOpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search
CVE-2026-538596.5 MEDIUMOpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency
CVE-2026-538416.1 MEDIUMOpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session
CVE-2026-538565.5 MEDIUMOpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw
CVE-2026-538505.5 MEDIUMOpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command
CVE-2026-538525.4 MEDIUMOpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing

Showing top 20 of 27 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: OpenClaw
Same vendor: OpenClaw
Same weakness: CWE-426

V. Comments for CVE-2026-53865

No comments yet

Leave a comment