{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/npm/openclaw--2026.5.18/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["npm/openclaw (\u003c 2026.5.18)"],"_cs_severities":["high"],"_cs_tags":["command-injection","approval-bypass","integrity-compromise","application"],"_cs_type":"threat","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA high-severity vulnerability has been identified in the OpenClaw application, specifically affecting its exec approval display in versions prior to \u003ccode\u003e2026.5.18\u003c/code\u003e. This flaw allows for the truncation of commands presented to an approver within the user interface, while the full command, including any hidden suffixes, is retained for execution. An authenticated attacker can exploit this by submitting a crafted, oversized command where a benign prefix is visible in the UI, but a malicious suffix containing additional shell operations remains hidden. Upon approval, the complete, malicious command is executed. This issue fundamentally undermines the integrity of the approval process by misrepresenting the actual command to be run. While it does not grant unauthenticated access or alter OpenClaw's local-first trust model, it poses a significant risk in deployments where exec approval is enabled, allowing an attacker to effectively bypass human review for potentially dangerous commands.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker crafts a malicious command that is intentionally long, containing a benign-looking prefix and a hidden, malicious suffix with additional shell operations (e.g., \u003ccode\u003eecho \u0026quot;legit_cmd_output\u0026quot;; malicious_command_here\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a pending host exec request within OpenClaw, submitting this crafted, oversized command.\u003c/li\u003e\n\u003cli\u003eWhen the command is presented to an approver in the OpenClaw UI, the display truncation vulnerability causes only the benign prefix of the command to be visible.\u003c/li\u003e\n\u003cli\u003eThe approver, unaware of the hidden malicious suffix, reviews the truncated command and proceeds to authorize its execution.\u003c/li\u003e\n\u003cli\u003eUpon successful approval, the OpenClaw system executes the \u003cem\u003efull\u003c/em\u003e original command, including the hidden malicious suffix, on the target host.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003emalicious_command_here\u003c/code\u003e from the hidden suffix executes with the privileges of the OpenClaw agent on the target system, potentially leading to unauthorized actions such as data exfiltration, system modification, or further compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe core impact of this vulnerability is a critical failure in the integrity of OpenClaw's exec approval mechanism. An approver, relying on the displayed command, could unknowingly authorize the execution of arbitrary and potentially malicious shell commands on a target system. This effectively bypasses a crucial security control designed to prevent unauthorized or unintended actions. While the advisory does not specify observed exploitation in the wild or provide victim counts, any organization utilizing OpenClaw with exec approval enabled and not running a patched version is vulnerable. The potential damage could range from data manipulation and service disruption to complete system compromise, depending on the nature of the hidden malicious command and the privileges granted to OpenClaw.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003eopenclaw@2026.5.18\u003c/code\u003e or later immediately to apply the patch for this vulnerability.\u003c/li\u003e\n\u003cli\u003ePrior to upgrading any systems running OpenClaw versions \u003ccode\u003e\u0026lt; 2026.5.18\u003c/code\u003e, refrain from approving unusually long exec commands to mitigate potential exploitation.\u003c/li\u003e\n\u003cli\u003eEnsure that OpenClaw exec approval capabilities are strictly limited to highly trusted operators who are aware of the truncation vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:20:49Z","date_published":"2026-07-03T12:20:49Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-truncation-vulnerability/","summary":"A high-severity vulnerability in OpenClaw's exec approval feature (versions prior to 2026.5.18) allows an authenticated attacker to bypass approval integrity by crafting a long command that appears benign in the truncated UI but contains a malicious suffix, leading to unauthorized command execution.","title":"OpenClaw Exec Approval Truncation Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-truncation-vulnerability/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-53810"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["npm/openclaw (\u003c 2026.5.18)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","supply-chain","code-execution","nodejs","npm"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-53810, has been identified in \u003ccode\u003enpm/openclaw\u003c/code\u003e versions prior to \u003ccode\u003e2026.5.18\u003c/code\u003e. This flaw resides within the marketplace runtime extension metadata, allowing a malicious package to point to unscanned payloads. When a trusted operator installs such a specially crafted package, the OpenClaw Gateway's runtime loading mechanism can be redirected to execute hidden content that has bypassed expected security scans. This means plugin code could be loaded and executed outside of its reviewed package entry points, creating an avenue for unauthorized code execution. The practical impact hinges on the specific operator's configuration and whether lower-trust input can reach the vulnerable path. While this advisory emphasizes that OpenClaw's trusted-operator model remains, this specific misconfiguration introduces a significant risk if exploited.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious OpenClaw package containing legitimate-looking components alongside hidden malicious code and specially forged marketplace runtime extension metadata.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this malicious package (e.g., via social engineering, compromise of a trusted source, or supply chain infiltration) to an organization using OpenClaw Gateway.\u003c/li\u003e\n\u003cli\u003eA trusted operator, unaware of the hidden malicious content, initiates the installation of the seemingly benign package within the OpenClaw Gateway environment.\u003c/li\u003e\n\u003cli\u003eDuring the installation process, the vulnerable OpenClaw Gateway (versions prior to \u003ccode\u003e2026.5.18\u003c/code\u003e) processes the malicious marketplace runtime extension metadata.\u003c/li\u003e\n\u003cli\u003eDue to CVE-2026-53810, this metadata redirects the runtime loading mechanism to the hidden, unscanned malicious code within the package.\u003c/li\u003e\n\u003cli\u003eThe OpenClaw Gateway inadvertently loads and executes the malicious plugin code, bypassing its standard security review and scanning procedures.\u003c/li\u003e\n\u003cli\u003eThe executed malicious code operates within the trusted context of the OpenClaw Gateway, potentially allowing for arbitrary command execution, data exfiltration, or further system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-53810 could lead to unauthorized code execution within the trusted environment of an OpenClaw Gateway. If the affected feature is enabled and reachable, attackers could leverage this vulnerability to bypass security scans and load arbitrary plugin code, potentially leading to privilege escalation, data theft, or complete system compromise. The severity of the impact depends heavily on the specific configuration of the operator's OpenClaw environment and the sensitivity of the data and systems accessible by the Gateway.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-53810 by immediately upgrading \u003ccode\u003enpm/openclaw\u003c/code\u003e to version \u003ccode\u003e2026.5.18\u003c/code\u003e or higher to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eAs a temporary mitigation, implement strict allowlists for all plugins installed on OpenClaw Gateways and explicitly define allowed channels and tools.\u003c/li\u003e\n\u003cli\u003eDisable the marketplace runtime extension feature if it is not explicitly required for your operational needs to reduce the attack surface.\u003c/li\u003e\n\u003cli\u003eAvoid sharing a single OpenClaw Gateway between mutually untrusted users or environments as a general hardening measure.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:18:41Z","date_published":"2026-07-03T12:18:41Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-unscanned-payloads/","summary":"A high-severity vulnerability, CVE-2026-53810, in OpenClaw's marketplace runtime extension metadata allows an attacker to craft a malicious package that, when installed by a trusted operator, redirects runtime loading to hidden, unscanned code, potentially leading to unauthorized code execution and bypassing security checks.","title":"OpenClaw Vulnerability Allows Loading of Unscanned Payloads via Malicious Metadata","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-unscanned-payloads/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw (\u003c 2026.5.18)","npm/openclaw (\u003c 2026.5.18)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","proxy","privilege-escalation","defense-evasion","npm","server"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA significant security vulnerability, tracked as GHSA-rggc-m335-3wvj, has been identified in OpenClaw's trusted-proxy deployments, specifically impacting versions prior to \u003ccode\u003e2026.5.18\u003c/code\u003e. This flaw allows a local attacker, operating from the same host where an OpenClaw Gateway instance is running, to forge identity headers. By directly communicating with the proxy-facing Gateway port and presenting these falsified headers, the attacker can effectively bypass the security mechanisms designed for trusted proxies. If the affected feature is active and accessible, this enables the local caller to assume an operator's identity, potentially leading to unauthorized access, configuration changes, or privilege escalation within the OpenClaw environment. This vulnerability is critical for organizations deploying OpenClaw in shared-host or multi-tenant environments where local access by lower-trust processes is possible.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access\u003c/strong\u003e: An attacker gains local access to a system hosting an OpenClaw Gateway instance configured for trusted-proxy deployments. This could be via another compromised application or a low-privilege user account.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDiscovery\u003c/strong\u003e: The attacker probes the local system to identify the specific network port on which the OpenClaw Gateway's proxy-facing service is listening.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDirect Connection\u003c/strong\u003e: The attacker establishes a direct network connection from their local process to the discovered OpenClaw Gateway port, bypassing the legitimate trusted proxy infrastructure.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Forgery\u003c/strong\u003e: The attacker crafts and sends HTTP requests containing forged identity headers, mimicking those that would normally be generated and supplied by a trusted upstream proxy.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerable Processing\u003c/strong\u003e: The affected OpenClaw Gateway instance (versions \u003ccode\u003e\u0026lt; 2026.5.18\u003c/code\u003e) accepts and processes these forged identity headers from the direct local connection without proper validation.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIdentity Assumption\u003c/strong\u003e: The Gateway attributes the operator identity specified in the forged headers to the local attacker's process.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation / Unauthorized Actions\u003c/strong\u003e: The attacker, now operating with the assumed operator identity, performs unauthorized actions such as modifying configurations, accessing sensitive data, or escalating privileges within the OpenClaw system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of this vulnerability can lead to significant security breaches. If an attacker can successfully forge identity headers, they can impersonate an authorized operator within the OpenClaw environment. The practical impact is highly dependent on the privileges associated with the impersonated operator and the specific configurations of the OpenClaw Gateway. This could result in unauthorized configuration changes, data manipulation or exfiltration, or complete administrative control over the OpenClaw instance. Organizations with shared hosting environments or those running multiple applications on the same server as OpenClaw are particularly at risk, as any compromised local process could leverage this flaw.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch Immediately\u003c/strong\u003e: Upgrade all OpenClaw Gateway instances to version \u003ccode\u003e2026.5.18\u003c/code\u003e or newer to remediate the vulnerability described in GHSA-rggc-m335-3wvj.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNetwork Segmentation\u003c/strong\u003e: Implement network controls to bind the trusted-proxy ingress behind the actual trusted proxy and firewall direct same-host access to the Gateway port, as mentioned in the GHSA-rggc-m335-3wvj mitigations.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFeature Disablement\u003c/strong\u003e: Disable the affected trusted-proxy feature if it is not explicitly required for your operational workflow to reduce the attack surface.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAccess Control\u003c/strong\u003e: Ensure that lower-trust applications or users on the same host cannot reach the OpenClaw Gateway's proxy-facing port, following the hardening advice from GHSA-rggc-m335-3wvj.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:17:46Z","date_published":"2026-07-03T12:17:46Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-forged-headers/","summary":"A vulnerability (GHSA-rggc-m335-3wvj) in OpenClaw's trusted-proxy deployments allows a local attacker on the same host to forge identity headers, bypassing intended security controls and potentially leading to unauthorized access or privilege escalation if the affected feature is enabled and reachable.","title":"OpenClaw Vulnerability Allows Local Forged Identity Headers","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-forged-headers/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["npm/openclaw (\u003c 2026.5.18)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","policy-bypass","posix","data-exposure"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA high-severity vulnerability (GHSA-mhq8-78pj-5j79) has been identified in OpenClaw's \u003ccode\u003esystem.run\u003c/code\u003e functionality on POSIX nodes, impacting versions prior to \u003ccode\u003e2026.5.18\u003c/code\u003e. The issue arises when the \u003ccode\u003esystem.run\u003c/code\u003e command, configured with safe-bin or allowlist-based auto-approval, processes commands where shell expansion can occur. This can lead to a scenario where an argument that appears safe to the policy engine transforms into a file operand after shell expansion, allowing a lower-privilege authenticated operator to read sensitive node-local files unintended by policy. This policy-enforcement gap could be exploited to exfiltrate OpenClaw configuration data or other confidential information stored locally on the node. The vulnerability is specifically limited to paired POSIX node execution and does not represent an unauthenticated node takeover.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated operator, potentially with lower privileges, initiates a \u003ccode\u003esystem.run\u003c/code\u003e command on a paired POSIX node.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esystem.run\u003c/code\u003e command is configured with a safe-bin or allowlist-style auto-approval policy.\u003c/li\u003e\n\u003cli\u003eThe operator crafts the command to include parameters susceptible to shell expansion (e.g., variable substitution, wildcard expansion).\u003c/li\u003e\n\u003cli\u003eThe OpenClaw safe-bin check approves the command based on its initial interpretation, before shell expansion.\u003c/li\u003e\n\u003cli\u003eDuring execution, the shell processes the command, and its expansion alters the original interpretation of the approved command.\u003c/li\u003e\n\u003cli\u003eA seemingly safe argument, intended for an approved binary, expands into additional shell words, one of which becomes an unintended file operand to the executed binary.\u003c/li\u003e\n\u003cli\u003eThe executed binary reads a sensitive node-local file (e.g., OpenClaw configuration files, sensitive data) that the operator would otherwise not have authorization to access.\u003c/li\u003e\n\u003cli\u003eThe content of the sensitive node-local file is exposed to the lower-privilege operator flow, bypassing the intended security policy.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to the unauthorized disclosure of sensitive information from affected OpenClaw POSIX nodes. A lower-privilege operator could read node-local files, including OpenClaw configuration data, API keys, credentials, or other proprietary information. This is a policy-enforcement gap in argument validation, meaning that while the command itself was approved, its post-expansion execution deviates from the intended secure behavior. The extent of the damage depends on the sensitivity of the files accessible by the node process, potentially exposing critical infrastructure details or allowing further lateral movement if credentials are leaked.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to OpenClaw version \u003ccode\u003eopenclaw@2026.5.18\u003c/code\u003e or later to remediate the vulnerability (GHSA-mhq8-78pj-5j79).\u003c/li\u003e\n\u003cli\u003eReview existing \u003ccode\u003esystem.run\u003c/code\u003e policies to avoid broad safe-bin auto-approval for commands that can read arbitrary paths.\u003c/li\u003e\n\u003cli\u003ePrefer explicit approval for node commands that interact with local files, scrutinizing any parameters that could be subject to shell expansion.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:15:00Z","date_published":"2026-07-03T12:15:00Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-shell-expansion/","summary":"A vulnerability in OpenClaw's `system.run` safe-bin feature on POSIX nodes could allow a lower-privilege operator flow to read local files not intended by policy, as shell expansion can alter the interpretation of an approved command, causing a seemingly safe argument to expand into additional shell words and become a file operand, potentially exposing OpenClaw configuration data or other node-local information.","title":"OpenClaw's POSIX Node system.run Safe-Bin Widened by Shell Expansion (GHSA-mhq8-78pj-5j79)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-shell-expansion/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-53816"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["npm/openclaw (\u003c 2026.5.18)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","privilege-escalation","server-side","npm"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-53816, has been identified in the npm/openclaw package, affecting all versions prior to \u003ccode\u003e2026.5.18\u003c/code\u003e. This flaw allows an attacker who has already gained control of a paired OpenClaw node to bypass security checks and forge \u003ccode\u003eexec\u003c/code\u003e lifecycle events. OpenClaw nodes typically send these lifecycle events to a central gateway. However, due to an insufficient provenance check in affected versions, the gateway accepts these forged events as legitimate execution results. This deception can lead the target session to process attacker-controlled data, exposing capabilities that the compromised node should not possess. This issue primarily impacts deployments where nodes can send crafted \u003ccode\u003enode.event\u003c/code\u003e messages to the gateway and the target agent/session processes exec lifecycle events.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains control over an already paired OpenClaw node within the targeted environment.\u003c/li\u003e\n\u003cli\u003eThe compromised paired node crafts a malicious \u003ccode\u003enode.event\u003c/code\u003e message containing forged \u003ccode\u003eexec\u003c/code\u003e lifecycle event data.\u003c/li\u003e\n\u003cli\u003eThe forged event data is designed to mimic a legitimate \u003ccode\u003esystem.run\u003c/code\u003e request or other authorized execution.\u003c/li\u003e\n\u003cli\u003eThe compromised node sends this crafted \u003ccode\u003enode.event\u003c/code\u003e message to the OpenClaw gateway.\u003c/li\u003e\n\u003cli\u003eDue to a missing provenance check, the OpenClaw gateway accepts the forged \u003ccode\u003eexec\u003c/code\u003e lifecycle event without validating its origin or authorization.\u003c/li\u003e\n\u003cli\u003eThe gateway processes the attacker-supplied event data as if it were a legitimate execution result from an authorized \u003ccode\u003esystem.run\u003c/code\u003e request.\u003c/li\u003e\n\u003cli\u003eThis process steers the target session into an exec-event path, exposing unauthorized capabilities to the compromised node.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves privilege escalation or unauthorized control over functionality that the node's reduced surface should not have provided.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-53816 enables a malicious or compromised OpenClaw node to gain unauthorized capabilities on the OpenClaw gateway and associated target sessions. By making the gateway treat attacker-supplied event data as legitimate execution results, the vulnerability effectively elevates the privileges of the compromised node beyond its intended scope. While it does not allow an unauthenticated caller to directly reach the gateway, it poses a significant threat in environments where an OpenClaw node has already been breached, potentially leading to broader system compromise and unauthorized data access or manipulation. Organizations with affected versions are at risk if any of their paired nodes are compromised.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003eopenclaw@2026.5.18\u003c/code\u003e or later immediately to patch CVE-2026-53816.\u003c/li\u003e\n\u003cli\u003eEnsure that all paired OpenClaw nodes originate from trusted and secured environments.\u003c/li\u003e\n\u003cli\u003eImplement a process to remove and re-pair any OpenClaw nodes that are suspected of being compromised.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T11:58:42Z","date_published":"2026-07-03T11:58:42Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-node-forgery/","summary":"A vulnerability, CVE-2026-53816, in npm/openclaw versions prior to 2026.5.18, allows a malicious or compromised paired node to forge 'exec' lifecycle events and send them to the gateway, which, due to a missing provenance check, accepts the attacker-supplied event data as legitimate execution results, leading to unauthorized capability exposure for the compromised node.","title":"OpenClaw Node Forgery via Missing Provenance Check (CVE-2026-53816)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-node-forgery/"}],"language":"en","title":"CraftedSignal Threat Feed - Npm/Openclaw (\u003c 2026.5.18)","version":"https://jsonfeed.org/version/1.1"}