PatchSiren cyber security CVE debrief
CVE-2026-53818 OpenClaw CVE debrief
CVE-2026-53818 is a MEDIUM-severity vulnerability in OpenClaw, a software framework. The vulnerability exists in the MCP loopback feature and allows non-owner callers to bypass owner-only tool policies and before-tool-call hooks. This could enable attackers to execute restricted tools when the feature is enabled and reachable. The vulnerability was published on 2026-06-11 and modified on 2026-06-12.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: MEDIUM 6.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of OpenClaw, especially those who have enabled the MCP loopback feature, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 6.9 and is classified as CWE-862. It allows local attackers with low privileges to execute restricted tools. Affected versions are OpenClaw releases before 2026.4.24.
Defensive priority
MEDIUM
Recommended defensive actions
- Update OpenClaw to version 2026.4.24 or later.
- Disable the MCP loopback feature if not in use.
- Restrict access to the feature to only authorized users.
Evidence notes
Evidence for this CVE comes from the NVD and the OpenClaw security advisory.
Official resources
- CVE-2026-53818 CVE record: CVE.org
- CVE-2026-53818 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Mitigation, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory
CVE-2026-53818 was published on 2026-06-11T21:16:24.090Z and modified on 2026-06-12T20:08:06.780Z.