PatchSiren cyber security CVE debrief
CVE-2026-53822 OpenClaw CVE debrief
CVE-2026-53822 is a high-severity command injection vulnerability in OpenClaw before version 2026.5.18. The vulnerability occurs in the shell wrapper argv, which can change between approval and execution, allowing attackers to rebuild command arguments and potentially bypass security controls. The CVSS score for this vulnerability is 8.7, indicating a high severity.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of OpenClaw before version 2026.5.18 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by the shell wrapper argv changing between approval and execution, allowing attackers to modify command arguments. This can lead to the execution of unapproved command shapes, potentially bypassing security controls.
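One general way to close an approval-to-execution gap of this kind is shown below as an added example; it is not OpenClaw's code or its actual fix. The names `approve`, `run_approved` and `Approval` are hypothetical, and the sample argv is constructed.

```python
import hashlib
import hmac
import json
import subprocess
import sys
from dataclasses import dataclass


def argv_digest(argv):
    """Hash the exact argument vector; JSON keeps argument boundaries unambiguous."""
    encoded = json.dumps(list(argv), separators=(",", ":"), ensure_ascii=True)
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class Approval:
    argv: tuple      # immutable snapshot taken at approval time
    digest: str      # digest of exactly what the approver saw


def approve(argv):
    """Hypothetical approval step: snapshot the argv instead of keeping a reference."""
    snapshot = tuple(str(a) for a in argv)
    return Approval(argv=snapshot, digest=argv_digest(snapshot))


def run_approved(approval, requested_argv):
    """Refuse to run if the argv presented at execution differs from the approved one."""
    if not hmac.compare_digest(argv_digest(requested_argv), approval.digest):
        raise PermissionError("argv changed between approval and execution")
    # Execute the frozen snapshot, never the caller's (possibly mutated) list,
    # and never re-join it into a shell string.
    return subprocess.run(list(approval.argv), shell=False,
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed sample: a wrapper-style argv (interpreter, flag, payload).
    request = [sys.executable, "-c", "print('approved')"]
    ticket = approve(request)
    print(run_approved(ticket, request).stdout.strip())
    request[2] = "print('rebuilt after approval')"   # argv drifts after approval
    try:
        run_approved(ticket, request)
    except PermissionError as exc:
        print("blocked:", exc)
```

The digest covers the whole vector, including the wrapper and its payload argument, so a change to any element or to the argument boundaries fails closed.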
Defensive priority
High
Recommended defensive actions
- Upgrade to OpenClaw version 2026.5.18 or later.
- Review and update security controls to ensure they are not bypassed by this vulnerability.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4] and [ref-5].
Official resources
CVE-2026-53822 was published on 2026-06-12T22:16:53.317Z and has not been modified since then.