{"vulnerability": "cve-2026-5381", "sightings": [{"uuid": "64734472-dfa3-42e4-8094-f504cd17e8a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53818", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo27sutc2u2g", "content": "CVE-2026-53818 - OpenClaw\nCVE ID : CVE-2026-53818\n \n Published : June 11, 2026, 8:09 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-...", "creation_timestamp": "2026-06-11T21:57:19.928913Z"}, {"uuid": "537e7a55-1368-445e-987d-4dd3be2b6b23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53811", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2c2s5mqu2g", "content": "CVE-2026-53811 - OpenClaw\nCVE ID : CVE-2026-53811\n \n Published : June 11, 2026, 8:07 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to matc...", "creation_timestamp": "2026-06-11T22:37:32.846443Z"}, {"uuid": "a2b7e1c1-4054-4321-b132-28b04b223106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53810", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2cmplyoy2m", "content": "CVE-2026-53810 - OpenClaw\nCVE ID : CVE-2026-53810\n \n Published : June 11, 2026, 8:07 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscan...", "creation_timestamp": "2026-06-11T22:47:34.439126Z"}, {"uuid": "0cabeffc-6b64-4459-b7e6-a607880307c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53819", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2a3tizng2m", "content": "CVE-2026-53819 - OpenClaw\nCVE ID : CVE-2026-53819\n \n Published : June 11, 2026, 8:10 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Ho...", "creation_timestamp": "2026-06-11T22:02:20.484674Z"}, {"uuid": "4ff12af2-acca-4c91-9f0f-a461576e348f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53813", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2a5n7kl72o", "content": "CVE-2026-53813 - OpenClaw\nCVE ID : CVE-2026-53813\n \n Published : June 11, 2026, 8:08 p.m. | 1\u00a0hour, 11\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package ...", "creation_timestamp": "2026-06-11T22:03:21.017480Z"}, {"uuid": "2e0b1849-0589-4556-86f4-1ed2165ffd90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53814", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2abiyinf23", "content": "CVE-2026-53814 - OpenClaw\nCVE ID : CVE-2026-53814\n \n Published : June 11, 2026, 8:08 p.m. | 1\u00a0hour, 11\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loop...", "creation_timestamp": "2026-06-11T22:05:30.801898Z"}, {"uuid": "efcdd924-9695-4fbb-a095-03a7954e8581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53816", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2afnrmep23", "content": "CVE-2026-53816 - OpenClaw\nCVE ID : CVE-2026-53816\n \n Published : June 11, 2026, 8:09 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge e...", "creation_timestamp": "2026-06-11T22:07:50.007701Z"}, {"uuid": "3f605b8f-cef5-4bcf-93db-b9b7132ff0e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53812", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2ap2utjj23", "content": "CVE-2026-53812 - OpenClaw\nCVE ID : CVE-2026-53812\n \n Published : June 11, 2026, 8:07 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass priva...", "creation_timestamp": "2026-06-11T22:13:06.006964Z"}, {"uuid": "d85da329-03c8-4279-8976-3a2c2806ba39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53815", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2auhvlac2t", "content": "CVE-2026-53815 - OpenClaw\nCVE ID : CVE-2026-53815\n \n Published : June 11, 2026, 8:08 p.m. | 1\u00a0hour, 11\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust...", "creation_timestamp": "2026-06-11T22:16:07.533986Z"}, {"uuid": "1a09629a-2afc-4a84-9221-23a46092270e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53817", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2brtocbo2g", "content": "CVE-2026-53817 - OpenClaw\nCVE ID : CVE-2026-53817\n \n Published : June 11, 2026, 8:09 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof l...", "creation_timestamp": "2026-06-11T22:32:32.604616Z"}, {"uuid": "3066b105-207e-45e8-8cfb-c62839f6445c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53819", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mo4ni3xesv2y", "content": "\ud83d\udccc CVE-2026-53819 - OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebr... https://www.potatohub.blog/cves/CVE-2026-53819", "creation_timestamp": "2026-06-12T21:09:19.309403Z"}, {"uuid": "886e2857-b2e5-4972-afbe-49c11e8b4dca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53812", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moazvwvogl2d", "content": "\ud83d\udfe0 CVE-2026-53812 - High (7.7)\n\nOpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-53812/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T15:00:19.315691Z"}, {"uuid": "01b5e03b-0174-4abc-b8a4-13b681c35e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53813", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moazw5uzcb2a", "content": "\ud83d\udfe0 CVE-2026-53813 - High (7.8)\n\nOpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-53813/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T15:00:26.501752Z"}, {"uuid": "b49d7c1d-690f-49da-b6fc-b0863a75a8b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53814", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moazwexoxx2y", "content": "\ud83d\udfe0 CVE-2026-53814 - High (8.3)\n\nOpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agen...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-53814/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T15:00:33.806914Z"}, {"uuid": "c61868b6-8b1d-4132-b0aa-144022b548f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53817", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mob5bd4nws2d", "content": "\ud83d\udfe0 CVE-2026-53817 - High (8.8)\n\nOpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-53817/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T16:00:22.455209Z"}]}