{"vulnerability": "cve-2026-5385", "sightings": [{"uuid": "2e8ef523-32c3-4360-ace3-5c840f55617d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5385", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlblk4t3e52k", "content": "\ud83d\udd17 CVE : CVE-2026-32312, CVE-2026-40108, CVE-2026-42317, CVE-2026-42318, CVE-2026-42320, CVE-2026-42321, CVE-2026-5385", "creation_timestamp": "2026-05-07T16:00:15.486681Z"}, {"uuid": "20d66c07-10b1-45ac-a3e9-3516dfe29c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53853", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mogozvim4327", "content": "\ud83d\udfe0 CVE-2026-53853 - High (8.3)\n\nOpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist th...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-53853/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-16T21:01:39.620252Z"}, {"uuid": "5a8861b6-d5cb-412f-b19a-c1a8ddd16886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5385", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndhwkwzml2d", "content": "CVE-2026-5385 - GLPI 11.0.0 - Stored XSS in knowledge base\nCVE ID : CVE-2026-5385\n \n Published : June 2, 2026, 6:32 p.m. 
| 1\u00a0hour, 53\u00a0minutes ago\n \n Description : An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item....", "creation_timestamp": "2026-06-02T20:51:19.619454Z"}, {"uuid": "2e937d4f-ff89-40f2-9c98-ec9040876ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53857", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moglmonidh2r", "content": "\ud83d\udfe0 CVE-2026-53857 - High (8.1)\n\nOpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mut...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-53857/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-16T20:01:01.544054Z"}, {"uuid": "921982c9-9230-4e53-b7ab-0311ea3f0637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53853", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mogq63qo3o2j", "content": "CVE-2026-53853 - OpenClaw\nCVE ID : CVE-2026-53853\n \n Published : June 16, 2026, 7:17 p.m. 
| 1\u00a0hour, 51\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed argume...", "creation_timestamp": "2026-06-16T21:21:53.144037Z"}, {"uuid": "5d8f9746-77ed-4850-9b3e-711fcb991a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5385", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mncq4nolce2y", "content": "\ud83d\udd17 CVE : CVE-2026-40108, CVE-2026-42318, CVE-2026-42321, CVE-2026-5385", "creation_timestamp": "2026-06-02T13:45:21.650382Z"}, {"uuid": "20f01ff9-08a3-4bc4-a385-a04cb4b8ba94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53850", "type": "seen", "source": "https://gist.github.com/alon710/333afcd685b49ef354fee03c7b82b7fd", "content": "# CVE-2026-53850: CVE-2026-53850: Missing Authorization in OpenClaw focus Command Control Scope Enforcement\n\n&gt; **CVSS Score:** 5.5\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53850\n\n## Summary\nAn authorization bypass vulnerability in OpenClaw versions prior to 2026.4.25 allows authenticated users to execute the 'focus' command without proper controlScope validation. 
Because the routing engine fails to enforce configured access policies on this specific command pathway, low-privilege operators can alter the gateway's global focus state, leading to potential unauthorized cross-channel or cross-session interaction depending on downstream configuration.\n\n## TL;DR\nA missing authorization check (CWE-862) in the OpenClaw 'focus' command allows authenticated low-privilege users to change the gateway's focus state, bypassing configured controlScope isolation boundaries.\n\n## Technical Details\n\n- **CWE ID**: CWE-862 (Missing Authorization)\n- **Attack Vector**: Local (AV:L)\n- **CVSS v3.1 Base Score**: 5.5\n- **CVSS v4.0 Base Score**: 6.8\n- **EPSS Score**: 0.00093 (0.71st percentile)\n- **Impact Class**: Integrity (High)\n- **Exploit Status**: No public functional exploit or proof-of-concept exists\n- **CISA KEV Status**: Not listed\n\n## Affected Systems\n\n- OpenClaw Gateway deployments running versions prior to 2026.4.25\n- **openclaw**: &lt; 2026.4.25 (Fixed in: `2026.4.25`)\n\n## Mitigation\n\n- Upgrade the OpenClaw package to version 2026.4.25 or later.\n- Explicitly disable the focus command in deployment environments if it is not required for daily tasks.\n- Restrict network or platform access to the OpenClaw deployment so that only trusted operators can submit commands.\n- Avoid multi-tenant configurations on a single shared OpenClaw Gateway instance.\n\n**Remediation Steps:**\n1. Open your terminal and navigate to the root directory of your OpenClaw deployment.\n2. Verify the currently installed version using npm list openclaw.\n3. Run the package update command: npm install openclaw@2026.4.25.\n4. Restart the OpenClaw service to ensure the patched routing logic is compiled and loaded.\n5. 
Audit application logs to ensure focus commands are now accompanied by authorization challenges.\n\n## References\n\n- [GitHub Security Advisory GHSA-mpc8-jxjh-qpgh](https://github.com/openclaw/openclaw/security/advisories/GHSA-mpc8-jxjh-qpgh)\n- [NVD - CVE-2026-53850 Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-53850)\n- [VulnCheck Advisory for OpenClaw](https://www.vulncheck.com/advisories/openclaw-control-scope-enforcement-bypass-in-focus-command)\n- [OpenClaw GitHub Project Repository](https://github.com/openclaw/openclaw)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53850) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T07:11:14.000000Z"}, {"uuid": "08bd9224-335e-4aae-9bee-8f684c164d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53854", "type": "seen", "source": "https://gist.github.com/alon710/b45b870bc10a669d4ff8530bce9819db", "content": "# CVE-2026-53854: CVE-2026-53854: Privilege Escalation via Wildcard Authorization Inheritance in OpenClaw\n\n&gt; **CVSS Score:** 6.0\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53854\n\n## Summary\nCVE-2026-53854 is an authorization bypass vulnerability in OpenClaw, an open-source WhatsApp gateway CLI and Pi RPC agent. The flaw exists in the command authentication flow where low-privilege actors communicating via internal or webchat interfaces inherit global wildcard authorization states across channel boundaries. 
This cross-channel inheritance allows unauthorized command execution with administrative privileges.\n\n## TL;DR\nA privilege escalation vulnerability in OpenClaw allows low-privilege internal/webchat senders to inherit wildcard administrative permissions, leading to unauthorized owner-level command execution.\n\n## Technical Details\n\n- **CWE ID**: CWE-863\n- **Attack Vector**: Network\n- **CVSS Score**: 6.0\n- **EPSS Score**: 0.00247\n- **Exploit Status**: None\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw\n\n## Mitigation\n\n- Upgrade OpenClaw instances to version 2026.4.25 or later\n- Replace all wildcard declarations in configuration files with explicit allowlists\n- Isolate internal and webchat control paths behind network firewalls or VPNs\n\n**Remediation Steps:**\n1. Determine the active version of OpenClaw running in the environment\n2. If the version is prior to 2026.4.25, schedule an immediate software update\n3. Review configuration files (config.json) for ownerAllowFrom parameters containing wildcard '*' characters\n4. Replace wildcard characters with defined, trusted administrator identifiers or phone numbers\n5. Apply the patch using npm install openclaw@2026.4.25 or pnpm update openclaw@2026.4.25\n6. 
Restart the gateway service and verify that the context-leak issue is resolved\n\n## References\n\n- [GitHub Security Advisory GHSA-4hpg-mp64-x7xq](https://github.com/openclaw/openclaw/security/advisories/GHSA-4hpg-mp64-x7xq)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53854) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T04:21:14.000000Z"}, {"uuid": "dc1be1d3-1a6c-4b17-be75-d799864ff9cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53852", "type": "seen", "source": "https://gist.github.com/alon710/e083ed26c473e5302badc99cce623436", "content": "# CVE-2026-53852: CVE-2026-53852: Scope Containment Bypass in OpenClaw Device Re-pairing\n\n&gt; **CVSS Score:** 5.4\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53852\n\n## Summary\nOpenClaw versions prior to 2026.4.25 are subject to a scope containment bypass vulnerability in the device re-pairing component. When processing re-pairing requests, the application backend fails securely, allowing authenticated operators to bypass authorization containment policies. By submitting a re-pairing payload with an empty or omitted scope array, an operator can skip containment checks and retain broader, previously established administrative privileges. 
This vulnerability is classified under CWE-636: Not Failing Securely ('Failing Open').\n\n## TL;DR\nAn authorization bypass in OpenClaw allows authenticated operators to retain elevated privileges during device re-pairing by submitting an empty scope array, skipping containment guards.\n\n## Technical Details\n\n- **CWE ID**: CWE-636\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 5.4 (Medium)\n- **CVSS v4.0 Score**: 2.3 (Low)\n- **EPSS Score**: 0.00164 (0.164% probability)\n- **Exploit Status**: None (No public PoC)\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw (Node.js environments)\n- **OpenClaw**: &lt; 2026.4.25 (Fixed in: `2026.4.25`)\n\n## Mitigation\n\n- Upgrade OpenClaw to version 2026.4.25 or newer.\n- Deploy Web Application Firewall (WAF) or API gateway rules to filter and block empty or missing 'scopes' parameters in re-pairing requests.\n- Implement strict schema validation using libraries like Joi or Zod at the API routing layer to validate array sizes.\n\n**Remediation Steps:**\n1. Identify all running instances of OpenClaw within the environment.\n2. Verify current active versions against the affected range (strictly before 2026.4.25).\n3. Pull the official 2026.4.25 release or newer from the vendor repository.\n4. Apply the patch and restart the Node.js application process.\n5. 
Review authorization logs for any historical pairing requests containing empty scope payloads to identify potential exploitation attempts.\n\n## References\n\n- [GitHub Security Advisory GHSA-8mg9-j9cf-54cj](https://github.com/openclaw/openclaw/security/advisories/GHSA-8mg9-j9cf-54cj)\n- [VulnCheck Intelligence Advisory](https://www.vulncheck.com/advisories/openclaw-scope-bypass-via-empty-scope-device-re-pairing)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53852)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53852) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T04:41:13.000000Z"}, {"uuid": "8141478e-edef-47a1-8384-7807f1246833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53852", "type": "seen", "source": "https://gist.github.com/alon710/21958fb84fc5c64da7368e4899e2b6cf", "content": "# CVE-2026-53852: CVE-2026-53852: Scope Containment Bypass in OpenClaw Device Re-pairing\n\n&gt; **CVSS Score:** 5.4\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53852\n\n## Summary\nOpenClaw versions prior to 2026.4.25 are subject to a scope containment bypass vulnerability in the device re-pairing component. When processing re-pairing requests, the application backend fails securely, allowing authenticated operators to bypass authorization containment policies. By submitting a re-pairing payload with an empty or omitted scope array, an operator can skip containment checks and retain broader, previously established administrative privileges. 
This vulnerability is classified under CWE-636: Not Failing Securely ('Failing Open').\n\n## TL;DR\nAn authorization bypass in OpenClaw allows authenticated operators to retain elevated privileges during device re-pairing by submitting an empty scope array, skipping containment guards.\n\n## Technical Details\n\n- **CWE ID**: CWE-636\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 5.4 (Medium)\n- **CVSS v4.0 Score**: 2.3 (Low)\n- **EPSS Score**: 0.00164 (0.164% probability)\n- **Exploit Status**: None (No public PoC)\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw (Node.js environments)\n- **OpenClaw**: &lt; 2026.4.25 (Fixed in: `2026.4.25`)\n\n## Mitigation\n\n- Upgrade OpenClaw to version 2026.4.25 or newer.\n- Deploy Web Application Firewall (WAF) or API gateway rules to filter and block empty or missing 'scopes' parameters in re-pairing requests.\n- Implement strict schema validation using libraries like Joi or Zod at the API routing layer to validate array sizes.\n\n**Remediation Steps:**\n1. Identify all running instances of OpenClaw within the environment.\n2. Verify current active versions against the affected range (strictly before 2026.4.25).\n3. Pull the official 2026.4.25 release or newer from the vendor repository.\n4. Apply the patch and restart the Node.js application process.\n5. 
Review authorization logs for any historical pairing requests containing empty scope payloads to identify potential exploitation attempts.\n\n## References\n\n- [GitHub Security Advisory GHSA-8mg9-j9cf-54cj](https://github.com/openclaw/openclaw/security/advisories/GHSA-8mg9-j9cf-54cj)\n- [VulnCheck Intelligence Advisory](https://www.vulncheck.com/advisories/openclaw-scope-bypass-via-empty-scope-device-re-pairing)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53852)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53852) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T05:02:08.000000Z"}, {"uuid": "0cec2dff-688c-48d8-8c40-fe46554326fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53853", "type": "seen", "source": "https://gist.github.com/alon710/4cbfed841590889a9a5bb73b59d8bf8b", "content": "# CVE-2026-53853: CVE-2026-53853: Protection Mechanism Bypass and Incorrect Authorization in OpenClaw Execution Gateway\n\n&gt; **CVSS Score:** 8.3\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53853\n\n## Summary\nAn incorrect authorization vulnerability in OpenClaw before 2026.5.12 allows authenticated attackers with low privileges to bypass the argument restriction policy on Linux and macOS platforms. 
By exploiting the omitted validation of the argPattern parameter, attackers can execute allowlisted binaries with arbitrary command line arguments, leading to unauthorized code execution and system compromise.\n\n## TL;DR\nOpenClaw versions before 2026.5.12 on Linux and macOS skip validation of the argPattern configuration, enabling low-privileged users to execute allowlisted binaries with arbitrary, unauthorized arguments.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-693 (Protection Mechanism Failure), CWE-863 (Incorrect Authorization)\n- **Attack Vector**: Network\n- **CVSS Score**: 8.3\n- **Exploit Status**: poc\n- **Affected Platforms**: Linux, macOS\n- **Fixed Version**: 2026.5.12\n\n## Affected Systems\n\n- OpenClaw on Linux\n- OpenClaw on macOS\n\n## Mitigation\n\n- Upgrade to OpenClaw version 2026.5.12 or higher\n- Temporarily disable the execution gateway module if not required\n- Prune high-risk binaries from the command allowlist\n\n**Remediation Steps:**\n1. Identify current installation version of OpenClaw\n2. Backup configuration files and execution allowlist definitions\n3. Install the updated version 2026.5.12 of OpenClaw\n4. 
Verify that the argPattern validation is correctly working by attempting to run an allowlisted command with unauthorized arguments\n\n## References\n\n- [GitHub Security Advisory GHSA-v2ww-5rh7-2h5v](https://github.com/openclaw/openclaw/security/advisories/GHSA-v2ww-5rh7-2h5v)\n- [VulnCheck Advisory](https://www.vulncheck.com/advisories/openclaw-argument-pattern-bypass-in-exec-allowlist-via-linux-and-macos)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53853)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53853) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T08:11:42.000000Z"}, {"uuid": "ec725055-414b-45ab-953f-cbe1cb9db076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53857", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mogrwbchyc22", "content": "CVE-2026-53857 - OpenClaw\nCVE ID : CVE-2026-53857\n \n Published : June 16, 2026, 7:17 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom poli...", "creation_timestamp": "2026-06-16T21:53:17.896279Z"}, {"uuid": "d810ebb0-9d38-4d58-8e6a-dd7aae0b54a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53855", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mogs77t3sa2f", "content": "CVE-2026-53855 - OpenClaw\nCVE ID : CVE-2026-53855\n \n Published : June 16, 2026, 7:17 p.m. 
| 1\u00a0hour, 51\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shel...", "creation_timestamp": "2026-06-16T21:58:18.338930Z"}, {"uuid": "956a30a7-3ad1-4c56-a4ad-9ed56c692fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53855", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mogscln4xq2c", "content": "\ud83d\udfe0 CVE-2026-53855 - High (8.1)\n\nOpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated oper...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-53855/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-16T22:00:13.216056Z"}, {"uuid": "c15f6d8d-7938-47b7-9adf-e151208ec49a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53858", "type": "seen", "source": "https://gist.github.com/alon710/b863239f1325d87e011dc1044f290c3c", "content": "# CVE-2026-53858: CVE-2026-53858: Local Code Execution via Untrusted Search Path in OpenClaw\n\n&gt; **CVSS Score:** 7.1\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53858\n\n## Summary\nOpenClaw versions prior to 2026.5.2 are vulnerable to an untrusted search path flaw (CWE-426) during workspace initialization. When an operator opens a workspace, the application parses the workspace's local `.env` file and uses the unvalidated `STATE_DIRECTORY` variable to resolve and execute bundled runtime dependencies. 
An attacker can exploit this to achieve local code execution under the security context of the operator.\n\n## TL;DR\nOpenClaw prior to 2026.5.2 loads critical system state paths from untrusted workspace `.env` files, enabling local code execution through dependency path hijacking.\n\n## Technical Details\n\n- **CWE ID**: CWE-426 (Untrusted Search Path)\n- **Attack Vector**: Local (L)\n- **CVSS v3.1 Score**: 7.1 (High)\n- **EPSS Score**: 0.00124 (Percentile: 2.46%)\n- **Impact**: Local Code Execution (LCE)\n- **Exploit Status**: None (No public exploit/PoC available)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw (npm package 'openclaw') running on developer or operator workspaces\n- **openclaw**: &lt; 2026.5.2 (Fixed in: `2026.5.2`)\n\n## Mitigation\n\n- Upgrade OpenClaw to version 2026.5.2 or higher\n- Manually inspect and sanitize workspace .env files before opening\n- Disable auto-loading of repository-level environment configurations\n\n**Remediation Steps:**\n1. Identify all active installations of the openclaw npm package across development environments.\n2. Update openclaw dependencies to version 2026.5.2 via 'npm update openclaw'.\n3. Configure static analysis rules to flag any local repository containing 'STATE_DIRECTORY' overrides inside '.env' files.\n4. 
Restrict outbound network access from OpenClaw execution boundaries to prevent payload exfiltration.\n\n## References\n\n- [GitHub Security Advisory GHSA-wc84-j36w-pw4x](https://github.com/openclaw/openclaw/security/advisories/GHSA-wc84-j36w-pw4x)\n- [VulnCheck Security Advisory](https://www.vulncheck.com/advisories/openclaw-arbitrary-runtime-dependency-loading-via-state-directory-environment-variable)\n- [CVE.org Official Record](https://www.cve.org/CVERecord?id=CVE-2026-53858)\n- [NVD Official Record](https://nvd.nist.gov/vuln/detail/CVE-2026-53858)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53858) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T05:42:26.000000Z"}, {"uuid": "7cdea049-7f27-4f10-892a-c0f071b4a2f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53856", "type": "seen", "source": "https://gist.github.com/alon710/ce6be6956edb730f85105a449ccea809", "content": "# CVE-2026-53856: CVE-2026-53856: Incorrect Permission Assignment for Critical Resource in OpenClaw Config Recovery\n\n&gt; **CVSS Score:** 5.7\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53856\n\n## Summary\nOpenClaw versions before 2026.4.24 contain an insecure file permissions vulnerability in the configuration recovery mechanism. When a local configuration repair is triggered, the recovery path restores the primary configuration file, `openclaw.json`, with overly broad permissions. This enables low-privileged local attackers in multi-user or shared hosting environments to read sensitive system credentials, API tokens, and private assistant configurations.\n\n## TL;DR\nOpenClaw's configuration recovery mechanism recreates `openclaw.json` with overly permissive file system permissions (e.g., 0644 instead of 0600). 
This allows local, low-privileged users on the same host to read sensitive parameters, including OpenAI and Anthropic API keys.\n\n## Technical Details\n\n- **CWE ID**: CWE-732\n- **Attack Vector**: Local\n- **CVSS v4.0 Score**: 5.7 (Medium)\n- **EPSS Score**: 0.00094\n- **Impact**: High Confidentiality Loss\n- **Exploit Status**: none\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw operating in multi-user or shared hosting environments\n- **OpenClaw**: &gt;= 2026.4.23, &lt; 2026.4.24 (Fixed in: `2026.4.24`)\n\n## Mitigation\n\n- Upgrade OpenClaw to version 2026.4.24 or later to ensure the recovery routine writes the configuration file with secure permissions.\n- Manually modify permissions of the existing 'openclaw.json' to restrict read and write access to the owner only.\n- Configure a restrictive system umask (such as 0077) for the user account running the OpenClaw service.\n\n**Remediation Steps:**\n1. Identify the installation path of the OpenClaw configuration file (usually 'openclaw.json').\n2. Apply owner-only permissions to the file using the command: chmod 600 /path/to/openclaw/openclaw.json\n3. Verify the permissions are securely set by running: ls -la /path/to/openclaw/openclaw.json\n4. 
Upgrade the application binary to version 2026.4.24 to permanently fix the recovery path logic.\n\n## References\n\n- [GitHub Security Advisory (GHSA-rwp6-7w3q-75fq)](https://github.com/openclaw/openclaw/security/advisories/GHSA-rwp6-7w3q-75fq)\n- [VulnCheck Advisory Detail](https://www.vulncheck.com/advisories/openclaw-insecure-file-permissions-in-config-recovery-via-openclaw-json)\n- [CVE.org Record for CVE-2026-53856](https://www.cve.org/CVERecord?id=CVE-2026-53856)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53856) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T09:41:32.000000Z"}, {"uuid": "b879e1e7-62dc-49e5-a9a1-a022cbb0ceeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53857", "type": "seen", "source": "https://gist.github.com/alon710/f7dddc065a286d49734bb0de9451848c", "content": "# CVE-2026-53857: CVE-2026-53857: Authentication Bypass via Mutable Display Name Spoofing in OpenClaw allowFrom Policy\n\n&gt; **CVSS Score:** 8.6\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53857\n\n## Summary\nCVE-2026-53857 (GHSA-8c59-hr4w-qg69) is a high-severity authentication bypass vulnerability in OpenClaw (formerly Moltbot/Clawdbot) versions prior to 2026.5.3. The vulnerability arises from an insecure authorization mechanism in the Zalo messaging platform integration. Instead of matching access-control whitelist criteria to persistent and immutable user identifiers, the OpenClaw framework evaluated permissions based on mutable, user-controlled display names. 
An attacker can exploit this weakness by changing their Zalo profile display name to match a legitimate identity authorized in the allowFrom policy, gaining full access to restricted agent capabilities.\n\n## TL;DR\nOpenClaw versions prior to 2026.5.3 authenticate Zalo users using their mutable display names rather than unique user IDs. Attackers can bypass access controls simply by changing their display name to match an authorized user's name.\n\n## Technical Details\n\n- **CWE ID**: CWE-290 (Authentication Bypass by Spoofing)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0 Score**: 8.6 (High)\n- **EPSS Score**: 0.00213 (Percentile: 11.50%)\n- **Impact**: High Confidentiality, High Integrity (VC:H/VI:H)\n- **Exploit Status**: No public exploits or weaponized PoCs available\n- **KEV Status**: Not listed in the CISA KEV Catalog\n\n## Affected Systems\n\n- OpenClaw Integration Framework\n- **OpenClaw**: &lt; 2026.5.3 (Fixed in: `2026.5.3`)\n\n## Mitigation\n\n- Upgrade OpenClaw installations to version 2026.5.3 or later to enforce immutable user ID validation.\n- Deactivate the Zalo messaging integration channel entirely if immediate patching cannot be performed.\n- Restrict the bot account settings within the Zalo platform to reject automatic buddy or contact requests.\n\n**Remediation Steps:**\n1. Identify all deployed instances of the OpenClaw framework running version ranges prior to 2026.5.3.\n2. Pull the official patch update from the upstream repository or update the package dependencies to 2026.5.3.\n3. Update your `allowFrom` configurations by replacing any human-readable display names with the immutable, unique Zalo Account IDs for all authorized personnel.\n4. 
Restart the OpenClaw service and review the initialization logs to verify that the parsing engine is active and verifying the newly formatted IDs.\n\n## References\n\n- [GitHub Security Advisory GHSA-8c59-hr4w-qg69](https://github.com/openclaw/openclaw/security/advisories/GHSA-8c59-hr4w-qg69)\n- [VulnCheck Advisory for OpenClaw Mutable Display Name Binding](https://www.vulncheck.com/advisories/openclaw-mutable-display-name-binding-in-zalo-allowfrom-policy)\n- [Wiz Vulnerability Database Entry](https://www.wiz.io/vulnerability-database/cve/cve-2026-53857)\n- [CVE-2026-53857 Record](https://www.cve.org/CVERecord?id=CVE-2026-53857)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53857) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T11:11:26.000000Z"}, {"uuid": "dfcdaa27-c449-4ac5-a86f-8fce5853f1fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53857", "type": "seen", "source": "https://gist.github.com/alon710/be9211ec3a305ce39ef3284bab7182dd", "content": "# CVE-2026-53857: CVE-2026-53857: Authentication Bypass via Mutable Display Name Spoofing in OpenClaw allowFrom Policy\n\n&gt; **CVSS Score:** 8.6\n&gt; **Published:** 2026-06-18\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53857\n\n## Summary\nCVE-2026-53857 (GHSA-8c59-hr4w-qg69) is a high-severity authentication bypass vulnerability in OpenClaw (formerly Moltbot/Clawdbot) versions prior to 2026.5.3. The vulnerability arises from an insecure authorization mechanism in the Zalo messaging platform integration. Instead of matching access-control whitelist criteria to persistent and immutable user identifiers, the OpenClaw framework evaluated permissions based on mutable, user-controlled display names. 
An attacker can exploit this weakness by changing their Zalo profile display name to match a legitimate identity authorized in the allowFrom policy, gaining full access to restricted agent capabilities.\n\n## TL;DR\nOpenClaw versions prior to 2026.5.3 authenticate Zalo users using their mutable display names rather than unique user IDs. Attackers can bypass access controls simply by changing their display name to match an authorized user's name.\n\n## Technical Details\n\n- **CWE ID**: CWE-290 (Authentication Bypass by Spoofing)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0 Score**: 8.6 (High)\n- **EPSS Score**: 0.00213 (Percentile: 11.50%)\n- **Impact**: High Confidentiality, High Integrity (VC:H/VI:H)\n- **Exploit Status**: No public exploits or weaponized PoCs available\n- **KEV Status**: Not listed in the CISA KEV Catalog\n\n## Affected Systems\n\n- OpenClaw Integration Framework\n- **OpenClaw**: &lt; 2026.5.3 (Fixed in: `2026.5.3`)\n\n## Mitigation\n\n- Upgrade OpenClaw installations to version 2026.5.3 or later to enforce immutable user ID validation.\n- Deactivate the Zalo messaging integration channel entirely if immediate patching cannot be performed.\n- Restrict the bot account settings within the Zalo platform to reject automatic buddy or contact requests.\n\n**Remediation Steps:**\n1. Identify all deployed instances of the OpenClaw framework running version ranges prior to 2026.5.3.\n2. Pull the official patch update from the upstream repository or update the package dependencies to 2026.5.3.\n3. Update your `allowFrom` configurations by replacing any human-readable display names with the immutable, unique Zalo Account IDs for all authorized personnel.\n4. 
Restart the OpenClaw service and review the initialization logs to verify that the parsing engine is active and verifying the newly formatted IDs.\n\n## References\n\n- [GitHub Security Advisory GHSA-8c59-hr4w-qg69](https://github.com/openclaw/openclaw/security/advisories/GHSA-8c59-hr4w-qg69)\n- [VulnCheck Advisory for OpenClaw Mutable Display Name Binding](https://www.vulncheck.com/advisories/openclaw-mutable-display-name-binding-in-zalo-allowfrom-policy)\n- [Wiz Vulnerability Database Entry](https://www.wiz.io/vulnerability-database/cve/cve-2026-53857)\n- [CVE-2026-53857 Record](https://www.cve.org/CVERecord?id=CVE-2026-53857)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53857) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T11:22:09.000000Z"}, {"uuid": "0ddb1c7f-e308-4ec7-a237-504b0d6ca411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53857", "type": "seen", "source": "https://gist.github.com/alon710/23ca157b1ad763d563384387e7bf55a3", "content": "# CVE-2026-53857: CVE-2026-53857: Authentication Bypass via Mutable Display Name Spoofing in OpenClaw allowFrom Policy\n\n> **CVSS Score:** 8.6\n> **Published:** 2026-06-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-53857\n\n## Summary\nCVE-2026-53857 (GHSA-8c59-hr4w-qg69) is a high-severity authentication bypass vulnerability in OpenClaw (formerly Moltbot/Clawdbot) versions prior to 2026.5.3. The vulnerability arises from an insecure authorization mechanism in the Zalo messaging platform integration. Instead of matching access-control whitelist criteria to persistent and immutable user identifiers, the OpenClaw framework evaluated permissions based on mutable, user-controlled display names. 
An attacker can exploit this weakness by changing their Zalo profile display name to match a legitimate identity authorized in the allowFrom policy, gaining full access to restricted agent capabilities.\n\n## TL;DR\nOpenClaw versions prior to 2026.5.3 authenticate Zalo users using their mutable display names rather than unique user IDs. Attackers can bypass access controls simply by changing their display name to match an authorized user's name.\n\n## Technical Details\n\n- **CWE ID**: CWE-290 (Authentication Bypass by Spoofing)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0 Score**: 8.6 (High)\n- **EPSS Score**: 0.00213 (Percentile: 11.50%)\n- **Impact**: High Confidentiality, High Integrity (VC:H/VI:H)\n- **Exploit Status**: No public exploits or weaponized PoCs available\n- **KEV Status**: Not listed in the CISA KEV Catalog\n\n## Affected Systems\n\n- OpenClaw Integration Framework\n- **OpenClaw**: < 2026.5.3 (Fixed in: `2026.5.3`)\n\n## Mitigation\n\n- Upgrade OpenClaw installations to version 2026.5.3 or later to enforce immutable user ID validation.\n- Deactivate the Zalo messaging integration channel entirely if immediate patching cannot be performed.\n- Restrict the bot account settings within the Zalo platform to reject automatic buddy or contact requests.\n\n**Remediation Steps:**\n1. Identify all deployed instances of the OpenClaw framework running version ranges prior to 2026.5.3.\n2. Pull the official patch update from the upstream repository or update the package dependencies to 2026.5.3.\n3. Update your `allowFrom` configurations by replacing any human-readable display names with the immutable, unique Zalo Account IDs for all authorized personnel.\n4. 
Restart the OpenClaw service and review the initialization logs to verify that the parsing engine is active and verifying the newly formatted IDs.\n\n## References\n\n- [GitHub Security Advisory GHSA-8c59-hr4w-qg69](https://github.com/openclaw/openclaw/security/advisories/GHSA-8c59-hr4w-qg69)\n- [VulnCheck Advisory for OpenClaw Mutable Display Name Binding](https://www.vulncheck.com/advisories/openclaw-mutable-display-name-binding-in-zalo-allowfrom-policy)\n- [Wiz Vulnerability Database Entry](https://www.wiz.io/vulnerability-database/cve/cve-2026-53857)\n- [CVE-2026-53857 Record](https://www.cve.org/CVERecord?id=CVE-2026-53857)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53857) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T11:46:12.000000Z"}]}