CVE-2026-53822
published 2026-06-12CVE-2026-53822: OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.98%
57.9th percentile
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclaw | openclaw | < 2026.5.18 | 2026.5.18 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
OpenClaw up to 2026.5.17 Command Argument toctou (GHSA-2j8v-hwgc-x698 / EUVD-2026-36610)
vuldb·2026-06-13·CVSS 8.8
CVE-2026-53822 [HIGH] OpenClaw up to 2026.5.17 Command Argument toctou (GHSA-2j8v-hwgc-x698 / EUVD-2026-36610)
A vulnerability was found in OpenClaw up to 2026.5.17. It has been rated as critical. This vulnerability affects unknown code of the component Command Argument Handler. The manipulation leads to time-of-check time-of-use.
This vulnerability is traded as CVE-2026-53822. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.
GHSA
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution.
ghsa_unreviewed·2026-06-13
CVE-2026-53822 [HIGH] CWE-367 OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution.
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-12
Published