Skip to content
Threat Feed

CPE

Cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

7 briefs RSS
high advisory

OpenClaw Vulnerability Allows Loading of Unscanned Payloads via Malicious Metadata

A high-severity vulnerability, CVE-2026-53810, in OpenClaw's marketplace runtime extension metadata allows an attacker to craft a malicious package that, when installed by a trusted operator, redirects runtime loading to hidden, unscanned code, potentially leading to unauthorized code execution and bypassing security checks.

npm/openclaw vulnerability supply-chain code-execution nodejs npm
3t 1c
high advisory

OpenClaw Control UI Locality Spoofing Vulnerability

An authentication bypass vulnerability (CVE-2026-53817) in OpenClaw's Control UI pairing mechanism allows an attacker with existing network/authentication foothold in LAN/shared-token deployments to spoof locality information, leading to the acquisition of a durable admin-capable device token that grants persistent administrative access, even after shared gateway tokens are rotated.

openclaw authentication vulnerability admin-access persistence network
2t 1c
high threat

OpenClaw Matrix allowFrom Vulnerability (CVE-2026-53811)

A high-severity vulnerability (CVE-2026-53811) in OpenClaw's Matrix `allowFrom` feature allows threat actors to exploit mutable display names to match policy entries, potentially granting unauthorized agent access intended for another Matrix identity.

exploited npm/openclaw vulnerability matrix openclaw npm
1c
high advisory

OpenClaw Workspace .env Homebrew Executable Override Vulnerability (CVE-2026-53819)

A high-severity vulnerability (CVE-2026-53819) in OpenClaw versions prior to 2026.5.27 allows a malicious `.env` file within a repository to override the Homebrew executable selection during skill installation flows, potentially leading to arbitrary code execution on trusted operator systems running macOS or Linux.

OpenClaw vulnerability code-execution homebrew supply-chain macos linux
1t 1c
high advisory

OpenClaw Vulnerability Allows Unintended Artifact Loading (CVE-2026-53813)

A high-severity vulnerability, CVE-2026-53813, in npm/openclaw versions <= 2026.4.24 allows fake package roots to influence memory-core artifact loading, potentially leading to the selection and execution of unintended local artifacts based on attacker-controlled or lower-trust input reaching the affected path.

OpenClaw vulnerability supply-chain npm node.js
1c
high advisory

OpenClaw Vulnerability Allows Execution Revalidation Bypass (CVE-2026-53806)

A high-severity vulnerability, CVE-2026-53806, in npm/openclaw versions up to 2026.5.7, allows attackers to bypass 'exec revalidation' controls by confusing the application with combined POSIX shell options, leading to unauthorized inline shell content execution and potential remote code execution.

npm/openclaw vulnerability rce shell bypass code-execution linux macos
1c
high advisory

OpenClaw Node Forgery via Missing Provenance Check (CVE-2026-53816)

A vulnerability, CVE-2026-53816, in npm/openclaw versions prior to 2026.5.18, allows a malicious or compromised paired node to forge 'exec' lifecycle events and send them to the gateway, which, due to a missing provenance check, accepts the attacker-supplied event data as legitimate execution results, leading to unauthorized capability exposure for the compromised node.

npm/openclaw vulnerability privilege-escalation server-side npm
2t 1c