216.73.216.133

CVE-2026-53806

· Published 11/06/2026 23:16 · Modified 12/06/2026 19:33 · Author: The MITRE Corporation

Labels: CVE-2026-53806 2026-06-11CVE-2026-53806CWE-367[email protected]

Essential information

Published
11/06/2026 23:16
Modified
12/06/2026 19:33
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.8 HIGH (v3.1) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CWE-367
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling unauthorized command execution when the affected feature is enabled.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openclaw / openclaw cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

References