PatchSiren cyber security CVE debrief
CVE-2026-53845 OpenClaw CVE debrief
CVE-2026-53845 is a low-severity vulnerability (CVSS Score: 2.3) affecting OpenClaw before version 2026.5.6. The vulnerability is caused by a hook bypass issue where skill commands routed through the affected dispatch path skip before-tool-calls hook coverage. This allows attackers to bypass hook-based auditing and policy enforcement mechanisms by sending skill commands through the vulnerable dispatch path.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: LOW 2.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Anyone running OpenClaw before version 2026.5.6 should be aware of this vulnerability and update to a patched version.
Technical summary
The vulnerability is caused by a hook bypass issue in OpenClaw before 2026.5.6. The affected dispatch path allows skill commands to skip before-tool-calls hook coverage, enabling attackers to bypass hook-based auditing and policy enforcement mechanisms.
Defensive priority
Low
Recommended defensive actions
- Update OpenClaw to version 2026.5.6 or later.
- Review and update affected systems and configurations.
Evidence notes
The CVE record was published on CVE.org, and additional details can be found on NVD.
Official resources
CVE-2026-53845 was published on 2026-06-16T19:17:01.520Z and modified on 2026-06-16T20:42:46.200Z.