CVE-2026-53822

CVE Database · CVE-2026-53822

CVE-2026-53822

· HIGHReceived

CVSS v3.1

8.8

CVSS v4.0

8.7

EPSS

0.96%

Published

Jun 12, 2026

Modified

Jun 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-367

References (2)

https://github.com/openclaw/openclaw/security/advisories/GHSA-2j8v-hwgc-x698

https://www.vulncheck.com/advisories/openclaw-command-argument-modification-via-shell-wrapper-between-approval-and-execution

KEV Catalog EPSS Scores Vendors All CVEs