CVE-2026-53853: Protection Mechanism Bypass and Incorrect Authorization in OpenClaw Execution Gateway
Vulnerability ID: CVE-2026-53853
CVSS Score: 8.3
Published: 2026-06-18
An incorrect authorization vulnerability in OpenClaw before 2026.5.12 allows authenticated attackers with low privileges to bypass the argument restriction policy on Linux and macOS platforms. By exploiting the omitted validation of the argPattern parameter, attackers can execute allowlisted binaries with arbitrary command line arguments, leading to unauthorized code execution and system compromise.
TL;DR
OpenClaw versions before 2026.5.12 on Linux and macOS skip validation of the argPattern configuration, enabling low-privileged users to execute allowlisted binaries with arbitrary, unauthorized arguments.
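To make the flaw concrete, the following is an added illustration, not OpenClaw's code: the advisory does not publish the gateway's internals, so the allowlist layout, the argPattern field, and the two check functions are assumptions. The "vulnerable" check consults only the binary allowlist, as the advisory describes for versions before 2026.5.12; the "fixed" check additionally enforces the entry's argPattern and fails closed when no pattern is configured.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed allowlist in the spirit of the advisory: each entry names a
# permitted binary and an argPattern (a regex the joined argument string
# must fully match). Shape and names are assumptions, not OpenClaw's.
ALLOWLIST: Dict[str, Dict[str, str]] = {
    "/usr/bin/git": {"argPattern": r"^(status|log( --oneline)?)$"},
    "/bin/ls": {"argPattern": r"^(-l( [\w./]+)?|[\w./]*)$"},
    "/usr/bin/uptime": {},  # no argPattern configured at all
}


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize_vulnerable(binary: str, args: List[str]) -> Decision:
    """'Before' behaviour: only the binary is checked; argPattern is never
    consulted, so any argument string is accepted for an allowlisted binary."""
    if binary not in ALLOWLIST:
        return Decision(False, "binary not allowlisted")
    return Decision(True, "binary allowlisted (arguments unchecked)")


def authorize_fixed(binary: str, args: List[str]) -> Decision:
    """'After' behaviour: the binary must be allowlisted AND the joined
    argument string must fully match that entry's argPattern. re.fullmatch
    is used so a pattern cannot be satisfied by a prefix of a longer,
    unexpected argument list."""
    entry = ALLOWLIST.get(binary)
    if entry is None:
        return Decision(False, "binary not allowlisted")
    joined = " ".join(args)
    pattern = entry.get("argPattern")
    if not pattern:
        # Fail closed: an entry without an argPattern permits no arguments.
        return Decision(len(args) == 0, "no argPattern: arguments forbidden")
    if re.fullmatch(pattern, joined) is None:
        # Worth logging: a denied call is the detection signal for this bug class.
        return Decision(False, f"arguments do not match argPattern: {joined!r}")
    return Decision(True, "binary and arguments authorized")
```

Comparing the two functions on the same inputs is the check the remediation step asks for: an allowlisted binary with arguments outside its argPattern must be rejected after the upgrade.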
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-693 (Protection Mechanism Failure), CWE-863 (Incorrect Authorization)
- Attack Vector: Network
- CVSS Score: 8.3
- Exploit Status: poc
- Affected Platforms: Linux, macOS
- Fixed Version: 2026.5.12
Affected Systems
- OpenClaw on Linux
- OpenClaw on macOS
Mitigation Strategies
- Upgrade to OpenClaw version 2026.5.12 or higher
- Temporarily disable the execution gateway module if not required
- Prune high-risk binaries from the command allowlist
Remediation Steps
- Identify current installation version of OpenClaw
- Backup configuration files and execution allowlist definitions
- Install the updated version 2026.5.12 of OpenClaw
- Verify that argPattern validation is working by attempting to run an allowlisted command with arguments that do not match its configured pattern and confirming that the request is rejected
References
Read the full report for CVE-2026-53853 on our website for more details including interactive diagrams and full exploit analysis.