PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53809 OpenClaw CVE debrief

CVE-2026-53809 is a policy bypass vulnerability in OpenClaw before 2026.4.25. The embedded runner policy compares a request that names a provider by alias against the alias itself rather than against the canonical provider identity. An attacker can use this alias confusion to obtain bundled tool access that the provider policy was meant to withhold, provided the affected feature is enabled. The CVSS score is 4.8, and the severity is classified as MEDIUM.

Vendor: OpenClaw
Product: Unknown
CVSS: MEDIUM 4.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-11
Original CVE updated: 2026-06-12
Advisory published: 2026-06-11
Advisory updated: 2026-06-12

Who should care

Operators running OpenClaw earlier than 2026.4.25, and in particular anyone who relies on provider-scoped policy to keep bundled tools away from specific providers while the affected feature is enabled, should plan the upgrade and review those restrictions.

Technical summary

The embedded runner policy in OpenClaw evaluates a request that uses a provider alias by comparing the alias against the policy entries, instead of first resolving it to the canonical provider identity. A request that names a provider by an alias can therefore slip past a restriction written against that provider's canonical identity, yielding a policy bypass and bundled tool access outside the intended provider restrictions.
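The following is an added illustration of the bug class described above, not OpenClaw's own code or its fix. It models a runner policy that restricts bundled tool access per provider, shows the vulnerable form that string-compares the caller-supplied provider name, and beside it a hardened form that resolves both the request and the policy entries to canonical identities before comparing and fails closed on unknown names. The provider names, aliases, tool name and policy shape are all constructed for the example; TypeScript is an assumed choice, not a statement about the project's implementation.

```typescript
// Added example, not OpenClaw code. All provider identities, aliases,
// tools and the policy shape below are constructed for illustration.

type Canonical = string;

// Constructed alias table: several spellings resolve to one canonical identity.
const PROVIDER_ALIASES: ReadonlyMap<string, Canonical> = new Map([
  ["provider-a", "provider-a"],
  ["a", "provider-a"],
  ["alpha", "provider-a"],
  ["provider-b", "provider-b"],
  ["b", "provider-b"],
]);

// Hypothetical runner policy: providers listed here may not reach bundled tools.
interface RunnerPolicy {
  bundledToolsDeniedFor: string[];
}

interface ToolRequest {
  provider: string; // caller-controlled; may be an alias
  tool: string;
  bundled: boolean;
}

// Resolve any accepted spelling to its canonical identity, or undefined if unknown.
function resolveProvider(name: string): Canonical | undefined {
  return PROVIDER_ALIASES.get(name.trim().toLowerCase());
}

// Vulnerable check: compares the raw request name against the policy list.
// "alpha" !== "provider-a", so an aliased request for provider-a escapes a
// rule that was written against its canonical identity.
function allowedVulnerable(policy: RunnerPolicy, req: ToolRequest): boolean {
  if (!req.bundled) return true;
  return !policy.bundledToolsDeniedFor.includes(req.provider);
}

// Hardened check: canonicalise both sides before comparing, and fail closed on
// any name the alias table does not know, whether it came from the request or
// from the policy itself (a policy entry that resolves to nothing is a
// misconfiguration and must not silently become a grant).
function allowedHardened(policy: RunnerPolicy, req: ToolRequest): boolean {
  if (!req.bundled) return true;
  const canonical = resolveProvider(req.provider);
  if (canonical === undefined) return false;
  const denied = new Set<Canonical>();
  for (const entry of policy.bundledToolsDeniedFor) {
    const c = resolveProvider(entry);
    if (c === undefined) return false;
    denied.add(c);
  }
  return !denied.has(canonical);
}

// Constructed scenario: the operator denies bundled tools to provider-a by its
// canonical name; the caller names the same provider through the alias "alpha".
const POLICY: RunnerPolicy = { bundledToolsDeniedFor: ["provider-a"] };
const ALIASED_REQUEST: ToolRequest = { provider: "alpha", tool: "shell", bundled: true };
const CANONICAL_REQUEST: ToolRequest = { provider: "provider-a", tool: "shell", bundled: true };
const OTHER_REQUEST: ToolRequest = { provider: "b", tool: "shell", bundled: true };

// Runs both checks over the scenario and returns the decisions for inspection.
function demo(): Record<string, boolean> {
  return {
    vulnerableAliased: allowedVulnerable(POLICY, ALIASED_REQUEST),     // true: bypass
    vulnerableCanonical: allowedVulnerable(POLICY, CANONICAL_REQUEST), // false
    hardenedAliased: allowedHardened(POLICY, ALIASED_REQUEST),         // false
    hardenedCanonical: allowedHardened(POLICY, CANONICAL_REQUEST),     // false
    hardenedOther: allowedHardened(POLICY, OTHER_REQUEST),             // true
  };
}
```

The point of the hardened version is that the comparison is never performed on caller-supplied spelling: every name, from the request and from the policy, is mapped to one canonical identity first, and anything that does not map is treated as a deny rather than as a new, unrestricted provider.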

Defensive priority

MEDIUM

Recommended defensive actions

  • Upgrade OpenClaw to version 2026.4.25 or later.
  • Until the upgrade is in place, assume that any provider-scoped restriction on bundled tool access can be evaded by a request that names the provider through an alias; this applies only where the affected feature is enabled.
  • Refer to the GitHub security advisory [ref-4](https://github.com/openclaw/openclaw/security/advisories/GHSA-p39j-x9h5-q66m) and the VulnCheck advisory [ref-5](https://www.vulncheck.com/advisories/openclaw-provider-alias-confusion-in-embedded-runner-policy) for the vendor and third-party descriptions of the issue and its mitigation.

Evidence notes

The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-53809) and detailed on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-53809).

Official resources

CVE-2026-53809 was published on 2026-06-11T21:16:22.857Z and modified on 2026-06-12T19:32:51.550Z.