PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53814 OpenClaw CVE debrief

CVE-2026-53814 is a high-severity privilege escalation vulnerability in OpenClaw before version 2026.5.20. Hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of the narrower scope appropriate to a hook. An attacker holding a valid hook token can use the /hooks/agent endpoint to perform privileged actions, such as persistent modifications to cron state.

Vendor: OpenClaw
Product: Unknown
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-11
Original CVE updated: 2026-06-12
Advisory published: 2026-06-11
Advisory updated: 2026-06-12

Who should care

Users of OpenClaw before version 2026.5.20 should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
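The vector above is long because every threat, environmental and supplemental metric is spelled out as X (not defined), which leaves the score equal to the base score. The following parser is an added example, not PatchSiren or OpenClaw code: it validates a CVSS v4.0 vector against the metric tables from the CVSS v4.0 specification, rejects unknown or duplicated metrics and malformed components, and turns the exploitability metrics into the questions a defender asks first. PAGE_VECTOR is the vector quoted in this debrief; the function names are this example's own.

```python
"""Parse and sanity-check a CVSS v4.0 vector string.

Added example, not PatchSiren or OpenClaw code. The metric tables follow the
CVSS v4.0 specification; the sample vector is the one quoted in the debrief.
"""
from __future__ import annotations

# Allowed values per metric (CVSS v4.0). Base metrics are mandatory; the rest
# default to "X" (not defined) and may be omitted from a vector.
BASE_METRICS: dict[str, frozenset[str]] = {
    name: frozenset(values) for name, values in {
        "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
        "VC": "HLN", "VI": "HLN", "VA": "HLN",
        "SC": "HLN", "SI": "HLN", "SA": "HLN",
    }.items()
}
OPTIONAL_METRICS: dict[str, frozenset[str]] = {
    name: frozenset(values) for name, values in {
        "E": "XAPU",
        "CR": "XHML", "IR": "XHML", "AR": "XHML",
        "MAV": "XNALP", "MAC": "XLH", "MAT": "XNP", "MPR": "XNLH", "MUI": "XNPA",
        "MVC": "XHLN", "MVI": "XHLN", "MVA": "XHLN",
        "MSC": "XHLN", "MSI": "XSHLN", "MSA": "XSHLN",
        "S": "XNP", "AU": "XNY", "R": "XAUI", "V": "XDC", "RE": "XLMH",
    }.items()
}
# Urgency is the one metric whose values are words rather than single letters.
OPTIONAL_METRICS["U"] = frozenset({"X", "Clear", "Green", "Amber", "Red"})

# Vector quoted in the debrief above (CVE-2026-53814).
PAGE_VECTOR = ("CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"
               "/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X"
               "/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X")


class VectorError(ValueError):
    """Raised for a vector that is not a well-formed CVSS v4.0 string."""


def parse_cvss4(vector: str) -> dict[str, str]:
    """Split a CVSS v4.0 vector into {metric: value}, rejecting anything malformed."""
    parts = vector.strip().split("/")
    if parts[0] != "CVSS:4.0":
        raise VectorError(f"unsupported prefix {parts[0]!r}")
    metrics: dict[str, str] = {}
    for part in parts[1:]:
        name, sep, value = part.partition(":")
        if not (sep and name and value):
            raise VectorError(f"malformed component {part!r}")
        if name in metrics:
            raise VectorError(f"duplicate metric {name}")
        allowed = BASE_METRICS.get(name) or OPTIONAL_METRICS.get(name)
        if allowed is None:
            raise VectorError(f"unknown metric {name}")
        if value not in allowed:
            raise VectorError(f"{name}:{value} is not a valid CVSS v4.0 value")
        metrics[name] = value
    missing = [name for name in BASE_METRICS if name not in metrics]
    if missing:
        raise VectorError(f"missing base metrics: {', '.join(missing)}")
    return metrics


def attacker_profile(metrics: dict[str, str]) -> dict[str, bool]:
    """Turn the exploitability metrics into the questions a defender asks first."""
    return {
        "reachable_over_network": metrics["AV"] == "N",
        # PR:L on this page corresponds to "attacker holds a valid hook token".
        "requires_existing_credentials": metrics["PR"] != "N",
        "requires_user_interaction": metrics["UI"] != "N",
        "requires_special_preconditions": metrics["AT"] == "P",
        "full_integrity_loss_on_vulnerable_system": metrics["VI"] == "H",
    }


def has_overrides(metrics: dict[str, str]) -> bool:
    """True when any threat, environmental or supplemental metric differs from X."""
    return any(v != "X" for k, v in metrics.items() if k not in BASE_METRICS)


def base_vector(metrics: dict[str, str]) -> str:
    """Canonical base-only vector: a stable key for deduplicating advisories
    whose only difference is a trailing run of X-valued metrics."""
    return "CVSS:4.0/" + "/".join(f"{name}:{metrics[name]}" for name in BASE_METRICS)


if __name__ == "__main__":
    parsed = parse_cvss4(PAGE_VECTOR)
    print(base_vector(parsed))
    for question, answer in attacker_profile(parsed).items():
        print(f"{question}: {answer}")
```

For this page's vector, `has_overrides` is false and `base_vector` collapses the 32-metric string to the 11 base metrics, which is the form worth storing as a dedup key; `attacker_profile` reports network reachability with existing low-privilege credentials and no user interaction, matching the prose description of a valid hook token being sufficient.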

Defensive priority

High

Recommended defensive actions

  • Upgrade OpenClaw to version 2026.5.20 or later.
  • Review and restrict access to the /hooks/agent endpoint.
  • Ensure that hook tokens are properly secured and not exposed to unauthorized parties.

Evidence notes

The vulnerability was published on June 11, 2026, and modified on June 12, 2026. The CVE record can be found at [cve-org]. More details are available at [nvd].

Official resources

CVE-2026-53814 was disclosed via https://github.com/openclaw/openclaw/security/advisories/GHSA-6fvr-66p3-3qj4 and https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-hook-triggered-cli-mcp-tool-authority