CVE-2026-53853

Name: CVE-2026-53853
Creator: NVD / NIST
Published: 2026-06-16T19:17:02.65+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.6/10EPSS 0.35%

Last modified Jun 18, 2026

CVE-2026-53853 is a high-severity vulnerability rated 7.6/10 on the CVSS scale. OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.

Description

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.

Metrics

CVSS 3.1

8.3/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CVSS 4.0

7.6/10

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.35%

26.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Openclaw	Openclaw	< 2026.5.12	—
Openclaw	Openclaw	2026.5.12	Beta1

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-v2ww-5rh7-2h5vVendor Advisory
https://www.vulncheck.com/advisories/openclaw-argument-pattern-bypass-in-exec-allowlist-via-linux-and-macosThird Party Advisory

Timeline

Published: Jun 16, 2026
Last Modified: Jun 18, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-53853?

How severe is CVE-2026-53853?

CVE-2026-53853 has a CVSS score of 7.6/10 (HIGH severity). The EPSS model estimates a 0.35% probability of exploitation in the next 30 days.

How do I fix CVE-2026-53853?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-53853?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST