PatchSiren cyber security CVE debrief
CVE-2026-53836 OpenClaw CVE debrief
CVE-2026-53836 is a HIGH severity vulnerability in OpenClaw that allows remote authenticated operators to bypass execution allowlist checks using unrecognized encoded-command alias forms to execute arbitrary PowerShell content. The vulnerability has a CVSS score of 8.7.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of OpenClaw before version 2026.5.12 should apply the patch to prevent exploitation of this vulnerability.
Technical summary
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in its handling of PowerShell encoded commands. The allowlist parser only recognizes the spelled-out encoded-command flag, so an authenticated operator can submit an abbreviated flag alias that the parser does not recognize but PowerShell still accepts, and thereby run encoded PowerShell content that the allowlist was meant to block.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch for OpenClaw version 2026.5.12 or later.
- Limit operator accounts to the minimum set required, since exploitation needs an authenticated operator.
- Monitor for suspicious PowerShell activity.
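The technical summary above describes an allowlist parser that misses alias forms of the encoded-command flag; the following added example (not OpenClaw's own code, and not based on its implementation) shows the weak exact-match check beside a hardened check that first resolves every flag to its canonical PowerShell parameter name, plus a decoder that recovers the encoded payload for the monitoring recommended above. The parameter list and short aliases are assumed from Microsoft's powershell.exe documentation; the sample invocation is constructed.

```python
import base64

# Documented powershell.exe / pwsh parameter names the resolver knows about.
KNOWN_PARAMS = [
    "Command", "EncodedCommand", "ExecutionPolicy", "File", "NoProfile",
    "NonInteractive", "NoLogo", "NoExit", "WindowStyle", "Version", "Sta",
    "Mta", "InputFormat", "OutputFormat", "ConfigurationName", "PSConsoleFile",
    "Help",
]
# Documented short forms PowerShell accepts even though they are not a unique
# prefix of one parameter name (assumed list, taken from Microsoft docs).
EXPLICIT_ALIASES = {"e": "EncodedCommand", "ec": "EncodedCommand"}


def canonical_param(token: str):
    """Map a flag token such as '-ec', '/Enc' or '-encodedc' to its canonical
    parameter name; return None for non-flags and ambiguous/unknown prefixes."""
    if len(token) < 2 or token[0] not in "-/":
        return None
    name = token[1:].lower()
    if name in EXPLICIT_ALIASES:
        return EXPLICIT_ALIASES[name]
    matches = [p for p in KNOWN_PARAMS if p.lower().startswith(name)]
    return matches[0] if len(matches) == 1 else None


def naive_allows(argv):
    """Weak check: only the fully spelled flag is recognised, so alias forms pass."""
    return not any(a.lower() == "-encodedcommand" for a in argv)


def hardened_allows(argv):
    """Resolve every flag to its canonical name before applying the policy."""
    return not any(canonical_param(a) == "EncodedCommand" for a in argv)


def decode_encoded_command(argv):
    """Return the decoded script following an encoded-command flag (for logging
    or inspection), or None when no such flag is present."""
    for i in range(len(argv) - 1):
        if canonical_param(argv[i]) == "EncodedCommand":
            return base64.b64decode(argv[i + 1]).decode("utf-16-le")
    return None


# Constructed sample invocation: PowerShell expects the payload as base64 of UTF-16LE.
SAMPLE_ARGV = [
    "powershell.exe", "-NoProfile", "-ec",
    base64.b64encode("Get-Date".encode("utf-16-le")).decode("ascii"),
]
```

Canonicalizing before the policy check is the general fix: any allowlist that compares raw flag spellings will miss a form the target interpreter accepts.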
Evidence notes
Evidence of this vulnerability can be found in the CVE record [cve-org] and the NVD detail page [nvd].
Official resources
CVE-2026-53836 was published on 2026-06-12T22:16:55.413Z and has not been modified since then.