CVE-2026-53854: Privilege Escalation via Wildcard Authorization Inheritance in OpenClaw
Vulnerability ID: CVE-2026-53854
CVSS Score: 6.0
Published: 2026-06-18
CVE-2026-53854 is an authorization bypass (CWE-863, incorrect authorization) in OpenClaw, an open-source WhatsApp gateway CLI and Pi RPC agent. The flaw sits in the command authentication flow: low-privilege senders arriving over the internal or webchat interfaces inherit a global wildcard ('*') owner-authorization state across channel boundaries, so the owner check passes for them and they can execute commands with administrative (owner-level) privileges.
TL;DR
A privilege escalation vulnerability in OpenClaw allows low-privilege internal/webchat senders to inherit wildcard administrative permissions, leading to unauthorized owner-level command execution.
Technical Details
- CWE ID: CWE-863
- Attack Vector: Network
- CVSS Score: 6.0
- EPSS Score: 0.00247
- Exploit Status: None
- CISA KEV Status: Not Listed
Affected Systems
- OpenClaw
Mitigation Strategies
- Upgrade OpenClaw instances to version 2026.4.25 or later
- Replace every wildcard ('*') ownerAllowFrom declaration in config.json with an explicit allowlist of trusted owner identifiers
- Isolate internal and webchat control paths behind network firewalls or VPNs
Remediation Steps
- Determine the active version of OpenClaw running in the environment (for an npm install, npm ls openclaw in the install directory)
- If the version is prior to 2026.4.25, schedule an immediate software update
- Review configuration files (config.json) for ownerAllowFrom parameters containing the wildcard '*' value
- Replace each wildcard with the explicit identifiers or phone numbers of trusted administrators
- Apply the patch using npm install openclaw@2026.4.25 or pnpm update openclaw@2026.4.25
- Restart the gateway service and verify that senders on the internal and webchat channels no longer inherit owner-level authorization
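The configuration review and version check above, as an added example that is not OpenClaw's own code: a small Node.js audit that walks a config.json object for wildcard ownerAllowFrom entries, reports their JSON paths, rewrites them to an explicit allowlist, and compares the installed calendar-style version against the fixed release 2026.4.25. The nesting of the sample config (channels.whatsapp, channels.webchat, channels.internal), the assumption that ownerAllowFrom holds a string or an array of strings, and the phone number used are all constructed for illustration; only the key name, the '*' wildcard and the fixed version come from the advisory.

```javascript
'use strict';

// Fixed release named in the advisory.
const FIXED_VERSION = '2026.4.25';

// Parse an OpenClaw-style "YYYY.M.D" version string (optional leading "v").
// Assumption: OpenClaw versions are three dot-separated integers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// True when the installed version is at or above the fixed release.
function isPatched(installed, fixed = FIXED_VERSION) {
  const a = parseVersion(installed);
  const b = parseVersion(fixed);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// Does this ownerAllowFrom value (string or array) contain the '*' wildcard?
function hasWildcard(value) {
  const entries = Array.isArray(value) ? value : [value];
  return entries.some((e) => typeof e === 'string' && e.trim() === '*');
}

// Walk the whole config, since the real schema's nesting is not assumed here,
// and return the JSON path of every wildcard ownerAllowFrom entry found.
function findWildcardOwners(config, path = '$') {
  const findings = [];
  if (Array.isArray(config)) {
    config.forEach((item, i) => findings.push(...findWildcardOwners(item, `${path}[${i}]`)));
  } else if (config && typeof config === 'object') {
    for (const [key, value] of Object.entries(config)) {
      const here = `${path}.${key}`;
      if (key === 'ownerAllowFrom') {
        if (Array.isArray(value)) {
          value.forEach((e, i) => { if (hasWildcard(e)) findings.push(`${here}[${i}]`); });
        } else if (hasWildcard(value)) {
          findings.push(here);
        }
      } else {
        findings.push(...findWildcardOwners(value, here));
      }
    }
  }
  return findings;
}

// Return a copy of the config with every wildcard ownerAllowFrom replaced by
// the operator-supplied explicit allowlist. Refuses an empty list or one that
// still contains '*', which would reintroduce the weak setting.
function replaceWildcards(config, owners) {
  if (!Array.isArray(owners) || owners.length === 0 || owners.some((o) => String(o).trim() === '*')) {
    throw new Error('owners must be a non-empty list of explicit identifiers');
  }
  if (Array.isArray(config)) return config.map((c) => replaceWildcards(c, owners));
  if (config && typeof config === 'object') {
    const out = {};
    for (const [key, value] of Object.entries(config)) {
      if (key === 'ownerAllowFrom') {
        out[key] = hasWildcard(value) ? [...owners] : value;
      } else {
        out[key] = replaceWildcards(value, owners);
      }
    }
    return out;
  }
  return config;
}

// Combined check an operator would run before and after remediation.
function audit(config, installedVersion) {
  return { patched: isPatched(installedVersion), wildcards: findWildcardOwners(config) };
}

// Constructed sample config: the weak setting the advisory warns about.
// The channel layout is an assumption, not OpenClaw's documented schema.
const weakConfig = {
  channels: {
    whatsapp: { ownerAllowFrom: ['+15551230000'] },
    webchat: { ownerAllowFrom: '*' },
    internal: { ownerAllowFrom: ['*'] },
  },
};

// Demonstration: audit the weak config on an unpatched build, then show the hardened form.
const report = audit(weakConfig, '2026.4.20');
console.log(JSON.stringify(report, null, 2));
const hardenedConfig = replaceWildcards(weakConfig, ['+15551230000']);
console.log(JSON.stringify(audit(hardenedConfig, FIXED_VERSION), null, 2));
```

The walker reports paths like $.channels.webchat.ownerAllowFrom so the finding can be located in a large config; the rewrite is deliberately a pure function so the original file can be diffed against the hardened output before it is written back and the gateway restarted.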