CVE-2026-53853

HIGH

CVSS v3.1: 8.3

NetworkNo user interactionIncorrect AuthorizationVendor advisory ref

Source data as of:

At a glance

Severity
HIGH
CVSS
8.3 v3.1 · NVD
EPSS
EPSS not provided by FIRST.org for this CVE
CISA KEV
No
Type
Incorrect Authorization · NVD CWE
Attack conditions (CVSS vector)
NetworkNo user interaction · Source: NVD Vector
Published
2026-06-16 · Modified: 2026-06-16
References
Jump to references (2)

CVSS / EPSS / KEV

CVSS v3.1 8.3 / 10 HIGH Source: NVD
CVSS v4.0 7.6 / 10 HIGH Source: NVD
EPSS EPSS not provided by FIRST.org for this CVE Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.

Record details

CVE ID
CVE-2026-53853
CVSS (v3.1)
8.3 (HIGH)
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Exploitability subscore
2.8
Impact subscore
5.5
CISA KEV
No
Weakness (CWE)
CWE-693, CWE-863
Affected configurations (CPE)
0
Published
2026-06-16
Modified
2026-06-16
Status
Awaiting Analysis

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Related records

Other records sharing a factual facet, for cross-reference. A descriptive neighbourhood — ordering does not imply priority and is not a recommendation.

Same weakness type (CWE)

CVE-2026-12315 CRITICAL CVSS 9.1 CVE-2026-12316 CRITICAL CVSS 9.1 CVE-2026-12302 MEDIUM CVSS 6.5 CVE-2026-53845 MEDIUM CVSS 4.3

Published the same year

CVE-2026-20127 CRITICAL CVSS 10.0 KEV CVE-2026-20182 CRITICAL CVSS 10.0 KEV CVE-2026-48907 CRITICAL CVSS 10.0 KEV CVE-2026-40750 CRITICAL CVSS 9.9
← Back to all records