{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openclaw--2026.5.27/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw (\u003c 2026.5.27)"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","vulnerability","npm","openclaw"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA critical vulnerability exists in OpenClaw, specifically affecting versions prior to \u003ccode\u003e2026.5.27\u003c/code\u003e. This flaw, described as \u0026quot;Node pairing reconnection could confuse approval scope state,\u0026quot; permits an already paired or reconnecting node session to manipulate its pairing state, altering the approval scope decision within the OpenClaw Gateway. This could result in a node being granted significantly broader authority than intended by the authenticated operator, effectively leading to privilege escalation. The vulnerability does not negate OpenClaw's trusted-operator model but targets scenarios where lower-trust input can reach the affected path during node reconnection. Defenders must prioritize patching to version \u003ccode\u003e2026.5.27\u003c/code\u003e or later to mitigate this risk and prevent potential unauthorized access or elevated privileges.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker, having established initial access or control over a low-privilege OpenClaw node, prepares to exploit the reconnection mechanism.\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a manipulated node reconnection session with the OpenClaw Gateway.\u003c/li\u003e\n\u003cli\u003eDuring the reconnection process, the attacker leverages the vulnerability in OpenClaw versions older than \u003ccode\u003e2026.5.27\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Gateway's internal state machine processes the manipulated reconnection, causing confusion in the node's pairing approval scope.\u003c/li\u003e\n\u003cli\u003eThis confusion leads the Gateway to make an incorrect \u0026quot;approval scope decision\u0026quot; for the reconnecting node.\u003c/li\u003e\n\u003cli\u003eAs a result, the node is granted \u0026quot;broader node authority\u0026quot; and elevated privileges beyond the operator's original intent.\u003c/li\u003e\n\u003cli\u003eThe attacker can now execute unauthorized commands or access sensitive resources with the newly acquired elevated privileges within the OpenClaw environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eWhen the affected OpenClaw feature is enabled and reachable, this vulnerability could restore or present broader node authority than the operator originally intended. The practical impact is contingent on the operator's specific configuration and whether lower-trust input can successfully reach the vulnerable code path. If exploited, an attacker could gain unauthorized access to functions or data previously restricted, leading to data compromise, system manipulation, or further lateral movement within the compromised environment.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch all OpenClaw instances to version \u003ccode\u003e2026.5.27\u003c/code\u003e or later immediately to remediate the vulnerability mentioned in the GHSA-83w9-h5wv-j9xm reference.\u003c/li\u003e\n\u003cli\u003eRevoke any unexpected or suspicious node pairings and re-pair only explicitly trusted nodes as a hardening measure until patching is complete.\u003c/li\u003e\n\u003cli\u003eAs a general hardening practice, keep channel and tool allowlists as narrow as possible.\u003c/li\u003e\n\u003cli\u003eAvoid sharing a single OpenClaw Gateway between mutually untrusted users or applications.\u003c/li\u003e\n\u003cli\u003eDisable the affected node pairing feature when it is not actively required for operations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:06:06Z","date_published":"2026-07-03T12:06:06Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-privilege-escalation/","summary":"A vulnerability (fixed in OpenClaw version 2026.5.27) in OpenClaw allows a paired or reconnecting node session to confuse the approval scope state, leading to broader node authority and unintended privilege escalation within the system.","title":"OpenClaw Node Pairing Vulnerability Leads to Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-privilege-escalation/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-53819"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw (\u003c 2026.5.27)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","code-execution","homebrew","supply-chain","macos","linux"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eThe OpenClaw platform is affected by CVE-2026-53819, a high-severity vulnerability enabling a malicious \u003ccode\u003e.env\u003c/code\u003e file in a repository to manipulate the Homebrew executable selection during skill installation flows. Published by GHSA on July 2, 2026, this flaw permits the OpenClaw install helper to use an attacker-controlled Homebrew-compatible binary instead of the legitimate one. This occurs when a trusted operator opens an affected workspace and initiates a skill installation. The vulnerability, present in OpenClaw versions prior to 2026.5.27, affects macOS and Linux systems and poses a significant risk for arbitrary code execution, bypassing established security controls and potentially compromising the operator's environment.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious repository that includes a \u003ccode\u003e.env\u003c/code\u003e file designed to alter environment variables that influence Homebrew's path resolution.\u003c/li\u003e\n\u003cli\u003eThe attacker socially engineers a trusted OpenClaw operator to clone and open this malicious repository within their development workspace.\u003c/li\u003e\n\u003cli\u003eThe trusted operator initiates a skill install flow within the newly opened, compromised workspace.\u003c/li\u003e\n\u003cli\u003eDuring the install process, the OpenClaw install helper parses the malicious \u003ccode\u003e.env\u003c/code\u003e file, causing it to load an incorrect or attacker-controlled path for the Homebrew executable.\u003c/li\u003e\n\u003cli\u003eInstead of executing the legitimate Homebrew binary, the system invokes an attacker-controlled Homebrew-compatible executable, which was likely bundled within the malicious repository.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled executable runs with the operator's privileges, achieving arbitrary code execution on the host system.\u003c/li\u003e\n\u003cli\u003eThis execution could lead to system compromise, data exfiltration, or further lateral movement within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-53819 could allow an attacker to run arbitrary code on a trusted operator's system, leading to full system compromise. The practical impact depends on the specific configuration of the operator's environment and the attacker's payload. If lower-trust input can reach the affected path, it increases the likelihood and severity of compromise. This vulnerability could be leveraged for initial access, privilege escalation, or establishing persistence within targeted development environments, potentially affecting intellectual property or critical infrastructure if operators with elevated access are targeted.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch OpenClaw to version \u003ccode\u003e2026.5.27\u003c/code\u003e or newer to remediate CVE-2026-53819.\u003c/li\u003e\n\u003cli\u003eAvoid running skill install flows from untrusted workspaces until all OpenClaw instances are updated to the patched version \u003ccode\u003e2026.5.27\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAs a general hardening measure, keep channel and tool allowlists narrow, as noted in the GHSA reference.\u003c/li\u003e\n\u003cli\u003eDisable the affected feature when it is not needed to reduce the attack surface for CVE-2026-53819.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:01:45Z","date_published":"2026-07-03T12:01:45Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-homebrew-override/","summary":"A high-severity vulnerability (CVE-2026-53819) in OpenClaw versions prior to 2026.5.27 allows a malicious `.env` file within a repository to override the Homebrew executable selection during skill installation flows, potentially leading to arbitrary code execution on trusted operator systems running macOS or Linux.","title":"OpenClaw Workspace .env Homebrew Executable Override Vulnerability (CVE-2026-53819)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-homebrew-override/"}],"language":"en","title":"CraftedSignal Threat Feed - OpenClaw (\u003c 2026.5.27)","version":"https://jsonfeed.org/version/1.1"}