Skip to content
Threat Feed

Product

Npm/Openclaw (< 2026.5.18)

5 briefs RSS
high threat

OpenClaw Exec Approval Truncation Vulnerability

A high-severity vulnerability in OpenClaw's exec approval feature (versions prior to 2026.5.18) allows an authenticated attacker to bypass approval integrity by crafting a long command that appears benign in the truncated UI but contains a malicious suffix, leading to unauthorized command execution.

exploited npm/openclaw command-injection approval-bypass integrity-compromise application
2t
high advisory

OpenClaw Vulnerability Allows Loading of Unscanned Payloads via Malicious Metadata

A high-severity vulnerability, CVE-2026-53810, in OpenClaw's marketplace runtime extension metadata allows an attacker to craft a malicious package that, when installed by a trusted operator, redirects runtime loading to hidden, unscanned code, potentially leading to unauthorized code execution and bypassing security checks.

npm/openclaw vulnerability supply-chain code-execution nodejs npm
3t 1c
high advisory

OpenClaw Vulnerability Allows Local Forged Identity Headers

A vulnerability (GHSA-rggc-m335-3wvj) in OpenClaw's trusted-proxy deployments allows a local attacker on the same host to forge identity headers, bypassing intended security controls and potentially leading to unauthorized access or privilege escalation if the affected feature is enabled and reachable.

OpenClaw +1 vulnerability proxy privilege-escalation defense-evasion npm server
2t
high advisory

OpenClaw's POSIX Node system.run Safe-Bin Widened by Shell Expansion (GHSA-mhq8-78pj-5j79)

A vulnerability in OpenClaw's `system.run` safe-bin feature on POSIX nodes could allow a lower-privilege operator flow to read local files not intended by policy, as shell expansion can alter the interpretation of an approved command, causing a seemingly safe argument to expand into additional shell words and become a file operand, potentially exposing OpenClaw configuration data or other node-local information.

npm/openclaw vulnerability policy-bypass posix data-exposure
2t
high advisory

OpenClaw Node Forgery via Missing Provenance Check (CVE-2026-53816)

A vulnerability, CVE-2026-53816, in npm/openclaw versions prior to 2026.5.18, allows a malicious or compromised paired node to forge 'exec' lifecycle events and send them to the gateway, which, due to a missing provenance check, accepts the attacker-supplied event data as legitimate execution results, leading to unauthorized capability exposure for the compromised node.

npm/openclaw vulnerability privilege-escalation server-side npm
2t 1c