<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>OpenClaw (&lt; 2026.5.27) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/openclaw--2026.5.27/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 12:06:06 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/openclaw--2026.5.27/feed.xml" rel="self" type="application/rss+xml"/><item><title>OpenClaw Node Pairing Vulnerability Leads to Privilege Escalation</title><link>https://feed.craftedsignal.io/briefs/2026-07-openclaw-privilege-escalation/</link><pubDate>Fri, 03 Jul 2026 12:06:06 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-openclaw-privilege-escalation/</guid><description>A vulnerability (fixed in OpenClaw version 2026.5.27) in OpenClaw allows a paired or reconnecting node session to confuse the approval scope state, leading to broader node authority and unintended privilege escalation within the system.</description><content:encoded><![CDATA[<p>A critical vulnerability exists in OpenClaw, specifically affecting versions prior to <code>2026.5.27</code>. This flaw, described as &quot;Node pairing reconnection could confuse approval scope state,&quot; permits an already paired or reconnecting node session to manipulate its pairing state, altering the approval scope decision within the OpenClaw Gateway. This could result in a node being granted significantly broader authority than intended by the authenticated operator, effectively leading to privilege escalation. The vulnerability does not negate OpenClaw's trusted-operator model but targets scenarios where lower-trust input can reach the affected path during node reconnection. Defenders must prioritize patching to version <code>2026.5.27</code> or later to mitigate this risk and prevent potential unauthorized access or elevated privileges.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker, having established initial access or control over a low-privilege OpenClaw node, prepares to exploit the reconnection mechanism.</li>
<li>The attacker initiates a manipulated node reconnection session with the OpenClaw Gateway.</li>
<li>During the reconnection process, the attacker leverages the vulnerability in OpenClaw versions older than <code>2026.5.27</code>.</li>
<li>The Gateway's internal state machine processes the manipulated reconnection, causing confusion in the node's pairing approval scope.</li>
<li>This confusion leads the Gateway to make an incorrect &quot;approval scope decision&quot; for the reconnecting node.</li>
<li>As a result, the node is granted &quot;broader node authority&quot; and elevated privileges beyond the operator's original intent.</li>
<li>The attacker can now execute unauthorized commands or access sensitive resources with the newly acquired elevated privileges within the OpenClaw environment.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>When the affected OpenClaw feature is enabled and reachable, this vulnerability could restore or present broader node authority than the operator originally intended. The practical impact is contingent on the operator's specific configuration and whether lower-trust input can successfully reach the vulnerable code path. If exploited, an attacker could gain unauthorized access to functions or data previously restricted, leading to data compromise, system manipulation, or further lateral movement within the compromised environment.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch all OpenClaw instances to version <code>2026.5.27</code> or later immediately to remediate the vulnerability mentioned in the GHSA-83w9-h5wv-j9xm reference.</li>
<li>Revoke any unexpected or suspicious node pairings and re-pair only explicitly trusted nodes as a hardening measure until patching is complete.</li>
<li>As a general hardening practice, keep channel and tool allowlists as narrow as possible.</li>
<li>Avoid sharing a single OpenClaw Gateway between mutually untrusted users or applications.</li>
<li>Disable the affected node pairing feature when it is not actively required for operations.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>privilege-escalation</category><category>vulnerability</category><category>npm</category><category>openclaw</category></item><item><title>OpenClaw Workspace .env Homebrew Executable Override Vulnerability (CVE-2026-53819)</title><link>https://feed.craftedsignal.io/briefs/2026-07-openclaw-homebrew-override/</link><pubDate>Fri, 03 Jul 2026 12:01:45 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-openclaw-homebrew-override/</guid><description>A high-severity vulnerability (CVE-2026-53819) in OpenClaw versions prior to 2026.5.27 allows a malicious `.env` file within a repository to override the Homebrew executable selection during skill installation flows, potentially leading to arbitrary code execution on trusted operator systems running macOS or Linux.</description><content:encoded><![CDATA[<p>The OpenClaw platform is affected by CVE-2026-53819, a high-severity vulnerability enabling a malicious <code>.env</code> file in a repository to manipulate the Homebrew executable selection during skill installation flows. Published by GHSA on July 2, 2026, this flaw permits the OpenClaw install helper to use an attacker-controlled Homebrew-compatible binary instead of the legitimate one. This occurs when a trusted operator opens an affected workspace and initiates a skill installation. The vulnerability, present in OpenClaw versions prior to 2026.5.27, affects macOS and Linux systems and poses a significant risk for arbitrary code execution, bypassing established security controls and potentially compromising the operator's environment.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious repository that includes a <code>.env</code> file designed to alter environment variables that influence Homebrew's path resolution.</li>
<li>The attacker socially engineers a trusted OpenClaw operator to clone and open this malicious repository within their development workspace.</li>
<li>The trusted operator initiates a skill install flow within the newly opened, compromised workspace.</li>
<li>During the install process, the OpenClaw install helper parses the malicious <code>.env</code> file, causing it to load an incorrect or attacker-controlled path for the Homebrew executable.</li>
<li>Instead of executing the legitimate Homebrew binary, the system invokes an attacker-controlled Homebrew-compatible executable, which was likely bundled within the malicious repository.</li>
<li>The attacker-controlled executable runs with the operator's privileges, achieving arbitrary code execution on the host system.</li>
<li>This execution could lead to system compromise, data exfiltration, or further lateral movement within the network.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-53819 could allow an attacker to run arbitrary code on a trusted operator's system, leading to full system compromise. The practical impact depends on the specific configuration of the operator's environment and the attacker's payload. If lower-trust input can reach the affected path, it increases the likelihood and severity of compromise. This vulnerability could be leveraged for initial access, privilege escalation, or establishing persistence within targeted development environments, potentially affecting intellectual property or critical infrastructure if operators with elevated access are targeted.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately patch OpenClaw to version <code>2026.5.27</code> or newer to remediate CVE-2026-53819.</li>
<li>Avoid running skill install flows from untrusted workspaces until all OpenClaw instances are updated to the patched version <code>2026.5.27</code>.</li>
<li>As a general hardening measure, keep channel and tool allowlists narrow, as noted in the GHSA reference.</li>
<li>Disable the affected feature when it is not needed to reduce the attack surface for CVE-2026-53819.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>code-execution</category><category>homebrew</category><category>supply-chain</category><category>macos</category><category>linux</category></item></channel></rss>