CPE
OpenClaw Vulnerability Allows Loading of Unscanned Payloads via Malicious Metadata
3 TTPs 1 CVEA high-severity vulnerability, CVE-2026-53810, in OpenClaw's marketplace runtime extension metadata allows an attacker to craft a malicious package that, when installed by a trusted operator, redirects runtime loading to hidden, unscanned code, potentially leading to unauthorized code execution and bypassing security checks.
OpenClaw Control UI Locality Spoofing Vulnerability
2 TTPs 1 CVEAn authentication bypass vulnerability (CVE-2026-53817) in OpenClaw's Control UI pairing mechanism allows an attacker with existing network/authentication foothold in LAN/shared-token deployments to spoof locality information, leading to the acquisition of a durable admin-capable device token that grants persistent administrative access, even after shared gateway tokens are rotated.
OpenClaw Matrix allowFrom Vulnerability (CVE-2026-53811)
1 CVEA high-severity vulnerability (CVE-2026-53811) in OpenClaw's Matrix `allowFrom` feature allows threat actors to exploit mutable display names to match policy entries, potentially granting unauthorized agent access intended for another Matrix identity.
OpenClaw Workspace .env Homebrew Executable Override Vulnerability (CVE-2026-53819)
1 TTP 1 CVEA high-severity vulnerability (CVE-2026-53819) in OpenClaw versions prior to 2026.5.27 allows a malicious `.env` file within a repository to override the Homebrew executable selection during skill installation flows, potentially leading to arbitrary code execution on trusted operator systems running macOS or Linux.
OpenClaw Vulnerability Allows Unintended Artifact Loading (CVE-2026-53813)
1 CVEA high-severity vulnerability, CVE-2026-53813, in npm/openclaw versions <= 2026.4.24 allows fake package roots to influence memory-core artifact loading, potentially leading to the selection and execution of unintended local artifacts based on attacker-controlled or lower-trust input reaching the affected path.
OpenClaw Vulnerability Allows Execution Revalidation Bypass (CVE-2026-53806)
1 CVEA high-severity vulnerability, CVE-2026-53806, in npm/openclaw versions up to 2026.5.7, allows attackers to bypass 'exec revalidation' controls by confusing the application with combined POSIX shell options, leading to unauthorized inline shell content execution and potential remote code execution.
OpenClaw Node Forgery via Missing Provenance Check (CVE-2026-53816)
2 TTPs 1 CVEA vulnerability, CVE-2026-53816, in npm/openclaw versions prior to 2026.5.18, allows a malicious or compromised paired node to forge 'exec' lifecycle events and send them to the gateway, which, due to a missing provenance check, accepts the attacker-supplied event data as legitimate execution results, leading to unauthorized capability exposure for the compromised node.