{"uuid": "08bd9224-335e-4aae-9bee-8f684c164d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53854", "type": "seen", "source": "https://gist.github.com/alon710/b45b870bc10a669d4ff8530bce9819db", "content": "# CVE-2026-53854: Privilege Escalation via Wildcard Authorization Inheritance in OpenClaw\n\n> **CVSS Score:** 6.0\n> **Published:** 2026-06-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-53854\n\n## Summary\nCVE-2026-53854 is an authorization bypass vulnerability in OpenClaw, an open-source WhatsApp gateway CLI and Pi RPC agent. The flaw exists in the command authentication flow where low-privilege actors communicating via internal or webchat interfaces inherit global wildcard authorization states across channel boundaries. This cross-channel inheritance allows unauthorized command execution with administrative privileges.\n\n## TL;DR\nA privilege escalation vulnerability in OpenClaw allows low-privilege internal/webchat senders to inherit wildcard administrative permissions, leading to unauthorized owner-level command execution.\n\n## Technical Details\n\n- **CWE ID**: CWE-863\n- **Attack Vector**: Network\n- **CVSS Score**: 6.0\n- **EPSS Score**: 0.00247\n- **Exploit Status**: None\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw\n\n## Mitigation\n\n- Upgrade OpenClaw instances to version 2026.4.25 or later\n- Replace all wildcard declarations in configuration files with explicit allowlists\n- Isolate internal and webchat control paths behind network firewalls or VPNs\n\n**Remediation Steps:**\n1. Determine the active version of OpenClaw running in the environment\n2. If the version is prior to 2026.4.25, schedule an immediate software update\n3. Review configuration files (config.json) for ownerAllowFrom parameters containing wildcard '*' characters\n4. Replace wildcard characters with defined, trusted administrator identifiers or phone numbers\n5. Apply the patch using npm install openclaw@2026.4.25 or pnpm update openclaw@2026.4.25\n6. Restart the gateway service and verify that the context-leak issue is resolved\n\n## References\n\n- [GitHub Security Advisory GHSA-4hpg-mp64-x7xq](https://github.com/openclaw/openclaw/security/advisories/GHSA-4hpg-mp64-x7xq)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53854) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T04:21:14.000000Z"}