PatchSiren cyber security CVE debrief
CVE-2026-53808 OpenClaw CVE debrief
CVE-2026-53808 is a MEDIUM severity vulnerability in OpenClaw: an approval policy bypass in the Skill Workshop apply flow. Agent tool calls can set apply: true even when the configuration specifies approvalPolicy: pending. An attacker who can reach the affected apply path can apply workshop changes before the expected approval step, potentially modifying configurations without proper authorization.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: MEDIUM 6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of OpenClaw software should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by an approval policy bypass in the Skill Workshop apply flow of OpenClaw software. The CVSS score is 6, and the CVSS severity is MEDIUM.
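The bypass class described above, shown as an added example that is not OpenClaw code: a gate that trusts the caller's apply flag beside one that decides only from server-side policy and recorded approvals. Only apply and approvalPolicy come from the advisory; the function names, the changeId field, the "auto" policy value and the sample data are assumptions made for illustration.

```javascript
// Added illustration, not OpenClaw source. Only `apply` and `approvalPolicy`
// come from the advisory; every other name and value here is hypothetical.

// Flawed pattern: the caller-supplied flag overrides the configured policy.
function decideTrustingCaller(config, toolCall) {
  if (toolCall.apply === true) return "applied";
  return config.approvalPolicy === "pending" ? "queued" : "applied";
}

// Hardened pattern: the outcome depends only on server-side state.
// "auto" is a hypothetical policy value meaning no approval is required.
function decideFromPolicy(config, toolCall, approvedIds) {
  if (config.approvalPolicy === "auto") return "applied";
  // pending, missing or unrecognised policy: fail closed
  return approvedIds.has(toolCall.changeId) ? "applied" : "queued";
}

// Audit helper: change ids that the flawed gate would apply without approval.
function findBypasses(config, toolCalls, approvedIds) {
  return toolCalls
    .filter((c) => decideTrustingCaller(config, c) === "applied" &&
                   decideFromPolicy(config, c, approvedIds) === "queued")
    .map((c) => c.changeId);
}

// Constructed sample input.
const sampleConfig = { approvalPolicy: "pending" };
const sampleApproved = new Set(["chg-2"]);
const sampleCalls = [
  { changeId: "chg-1", apply: true },  // requests apply, never approved
  { changeId: "chg-2", apply: true },  // approved out of band
  { changeId: "chg-3", apply: false }, // waits for approval
];

console.log(findBypasses(sampleConfig, sampleCalls, sampleApproved));
```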
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade OpenClaw to version 2026.5.6 or later.
- Refer to [ref-4](https://github.com/openclaw/openclaw/security/advisories/GHSA-cqwv-9qjx-vxw2) and [ref-5](https://www.vulncheck.com/advisories/openclaw-approval-policy-bypass-in-skill-workshop-apply-flow) for mitigation.
Evidence notes
The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-53808) and detailed on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-53808).
Official resources
- CVE-2026-53808 CVE record (CVE.org)
- CVE-2026-53808 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (Mitigation, Vendor Advisory)
- Mitigation or vendor reference (Third Party Advisory)
CVE-2026-53808 was published on 2026-06-11T21:16:22.717Z and modified on 2026-06-12T19:32:56.763Z.