These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-53866 is a HIGH-severity allowlist bypass vulnerability in OpenClaw's shell inline-command parsing. With a CVSS score of 7.6, it allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabling shell conte [truncated]
CVE-2026-53865 is a HIGH-severity path traversal vulnerability in OpenClaw. With a CVSS score of 7.2, it allows workspace-derived service paths to influence trash command selection, enabling attackers to execute unintended local executables from operator-unintended paths during maintenance operations.
CVE-2026-53864 is a HIGH-severity vulnerability in OpenClaw, which failed to properly sanitize environment variables, allowing attackers to influence child processes or coverage output paths.
CVE-2026-53863 is a MEDIUM-severity input validation vulnerability in OpenClaw: tool group policy callers accept unvalidated group IDs.
CVE-2026-53862 is a low-severity vulnerability in OpenClaw's pairing and authentication. Disclosed on June 16, 2026, it allows an attacker to replay bootstrap tokens before approval, potentially escalating pairing authority beyond intended scope limits.
CVE-2026-53861 is a MEDIUM severity vulnerability in OpenClaw before version 2026.5.6. The vulnerability is caused by an allowlist bypass in the macOS Swift exec feature, which misses combined POSIX inline-command flags. This allows attackers to execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator [truncated]
CVE-2026-53860 is a low-severity vulnerability in OpenClaw, specifically in the BlueBubbles component. The vulnerability allows participants to bypass sender policy by matching allowlist entries through conversation metadata rather than stable sender identity. This could potentially allow attackers to influence conversation-level identifiers and receive agent responses intended for configured senders, byp [truncated]
CVE-2026-53859 is a MEDIUM-severity hostname validation vulnerability in OpenClaw. It allows attackers to bypass blocklist comparisons using trailing-dot notation in model- or workspace-derived URLs, so attackers can reach destinations that operators intended to block through hostname policies.
CVE-2026-53858 is a HIGH severity vulnerability in OpenClaw before version 2026.5.2. The vulnerability is caused by an environment variable injection issue where the workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. This allows attackers to manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local paths, potentially executing malicious code d [truncated]
CVE-2026-53857 is a HIGH-severity policy enforcement vulnerability in OpenClaw, with a CVSS score of 8.6. The issue arises from OpenClaw's handling of Zalo contacts with mutable display metadata, which could allow an attacker to receive agent responses intended for different Zalo identities when the feature is enabled. This vulnerability was published on [truncated]
CVE-2026-53856 is a MEDIUM-severity insecure file permissions vulnerability in OpenClaw's config recovery feature. It allows local attackers on shared hosts to read sensitive configuration data by using the recovery path to access the restored config file.
CVE-2026-53855 is a HIGH-severity vulnerability in OpenClaw, software for managing and automating tasks. With a CVSS score of 7.6, it allows authenticated operators to bypass strict allowlist checks via shell positional parameters, potentially enabling the execution of unapproved shell-provided content.
CVE-2026-53854 is a medium-severity privilege escalation vulnerability in OpenClaw before version 2026.4.25. The vulnerability allows senders to inherit the 'ownerAllowFrom' wildcard state across channel boundaries, potentially bypassing access controls. Attackers can exploit this by sending commands on affected internal or webchat paths to execute owner-style command behavior outside intended channel scope.
CVE-2026-53853 is a HIGH-severity argument pattern validation bypass in OpenClaw's exec allowlist. Published on 2026-06-16T19:17:02.650Z and modified on 2026-06-16T20:42:46.200Z, it allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. This could potentially enable unauthor [truncated]
CVE-2026-53852 is a scope containment bypass vulnerability in OpenClaw before version 2026.4.25. The vulnerability occurs in the device re-pairing process and allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. This can be exploited by attackers to send re-pairing requests with empty scope sets, effectively skipping containment guards and r [truncated]
CVE-2026-53851 is a MEDIUM-severity vulnerability (CVSS score 6.3) in OpenClaw. Publicly disclosed on 2026-06-16, it allows attackers to bypass notification settings for Slack reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.
CVE-2026-53850 is a MEDIUM-severity control scope enforcement bypass in OpenClaw's focus command feature. With a CVSS score of 6.8, it allows authenticated callers to execute the focus command without proper authorization checks, potentially enabling unauthorized operations depending on gateway configuration and input trust level [truncated]
CVE-2026-53849 is a HIGH-severity vulnerability in OpenClaw, which failed to properly validate Discord account identities. The vulnerability exists in versions prior to 2026.5.7 and is caused by the allowFrom feature using mutable display names instead of immutable user IDs. This oversight allows attackers with Discord accounts to change their display name to match a policy entry and gain unauth [truncated]
CVE-2026-53848 is a low-severity vulnerability in OpenClaw before version 2026.5.26 that allows authenticated operators to bypass the exec allowlist and execute wrapper-level side effects outside allowlisted command intent. The vulnerability has a CVSS score of 2.3 and is classified as CWE-184. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers [truncated]
CVE-2026-53847 is a medium-severity privilege escalation vulnerability in OpenClaw before 2026.5.6. The vulnerability allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. This is possible due to insufficient scope validation in the Active Memory write scope, enabling attackers to apply unauthorized configuration changes beyond the [truncated]
CVE-2026-53846 is a HIGH-severity path traversal vulnerability in OpenClaw. With a CVSS score of 7, it was published on 2026-06-16T19:17:01.653Z and last modified on 2026-06-16T20:42:46.200Z. The issue allows attackers with workspace access to execute unintended local package-manager executables during dependency setup, potentially compromisi [truncated]
CVE-2026-53845 is a low-severity vulnerability (CVSS Score: 2.3) affecting OpenClaw before version 2026.5.6. The vulnerability is caused by a hook bypass issue where skill commands routed through the affected dispatch path skip before-tool-calls hook coverage. This allows attackers to bypass hook-based auditing and policy enforcement mechanisms by sending skill commands through the vulnerable dispatch path.
CVE-2026-53844 is a session visibility check bypass vulnerability in OpenClaw before version 2026.4.29. The vulnerability allows authenticated callers to access memory entries without proper authorization, effectively bypassing session visibility guards on the search path. This could enable attackers to retrieve memory entries that should not be visible to their session.
CVE-2026-53843 is a HIGH-severity vulnerability in OpenClaw before version 2026.5.26. The vulnerability allows an authorization bypass, enabling a paired device to regain WebSocket node-level access without renewed approval after revocation. This weakness in revocation controls can maintain unauthorized access longer than intended. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.7.
CVE-2026-53841 is a low-severity cross-site scripting (XSS) vulnerability in OpenClaw before version 2026.5.12. The vulnerability occurs in exported session HTML, where unsafe javascript: and data: links are preserved, allowing attackers to execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.
CVE-2026-53840 is an information disclosure vulnerability in OpenClaw before 2026.5.12. The vulnerability affects streamable-http MCP servers that forward user-configured custom headers during cross-origin redirects. This allows attackers controlling or compromising an MCP endpoint to redirect requests and exfiltrate sensitive headers like API keys or tenant-routing credentials to attacker-controlled orig [truncated]
CVE-2026-53839 is a medium-severity hostname validation vulnerability in OpenClaw's retry endpoint checks. It allows attackers to craft a hostname prefix resembling a trusted host so that authentication material is sent to untrusted endpoints. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6, indicating a medium severity level.
CVE-2026-53838 is a medium-severity vulnerability in OpenClaw's node pairing. Tracked as CWE-367, it allows paired nodes to confuse approval scope decisions due to a state mutation issue in the node pairing reconnection logic. This could enable attackers to bypass approval restrictions by exploiting the reconnection logic to restore or present broader node authority [truncated]
CVE-2026-53836 is a HIGH severity vulnerability in OpenClaw that allows remote authenticated operators to bypass execution allowlist checks using unrecognized encoded-command alias forms to execute arbitrary PowerShell content. The vulnerability has a CVSS score of 8.7.
CVE-2026-53835 is a configuration enforcement bypass vulnerability in OpenClaw before version 2026.5.6. The vulnerability affects the Feishu dynamic-agent bindings, allowing authenticated senders to create or update bindings without honoring configured config-write controls. This could enable attackers to change sender-agent binding state beyond intended policy, potentially allowing unauthorized binding m [truncated]
CVE-2026-53834 is a HIGH-severity authorization bypass vulnerability in OpenClaw's QQBot pre-dispatch slash commands. With a CVSS score of 8.2, it allows authenticated senders to skip allowFrom policy checks, potentially triggering command handling from blocked senders depending on operator configuration.
CVE-2026-53832 is a HIGH-severity vulnerability in OpenClaw's identity header validation. With a CVSS score of 7.4, it allows local same-host callers to forge trusted-proxy identity headers. This could potentially enable attackers with access to the proxy-facing Gateway port to assume operator identity and escalate privileges.
CVE-2026-53831 is a high-severity policy enforcement vulnerability in OpenClaw before version 2026.5.18. The vulnerability is located in the system.run safe-bin allowlist validation and allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration d [truncated]
CVE-2026-53830 is a MEDIUM-severity webhook secret revocation bypass vulnerability in OpenClaw. It allows callers with old Slack and Zalo webhook secrets to remain active after secrets.reload, meaning attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation, potentially accepting previ [truncated]
CVE-2026-53829 is a HIGH severity vulnerability in OpenClaw before 2026.5.18. The approval display truncation vulnerability allows authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.
CVE-2026-53827 is a credential exposure vulnerability in OpenClaw before version 2026.5.2. The vulnerability occurs in the message.action forwarding feature, which allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. This enables remote attackers to intercept Gateway tokens and action payloads by providing malicious loopback targets throu [truncated]
CVE-2026-53825 is a HIGH severity vulnerability in OpenClaw before version 2026.4.7. The vulnerability is an arbitrary file read issue in the memory-wiki ingest feature, allowing authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file paths to import file content into wiki memory, b [truncated]
CVE-2026-53824 is a medium-severity vulnerability in OpenClaw's slash command functionality. The vulnerability is a token revocation issue: callers with revoked slash tokens can continue executing commands during monitor refresh windows. This allows attackers to exploit stale token acceptance and invoke slash command behavior briefly after token revocation, potentia [truncated]
CVE-2026-53823 is a HIGH severity vulnerability in OpenClaw before 2026.5.3. The allowFrom feature binds to mutable Slack display names, allowing attackers with Slack account access to change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other identities. The vulnerability has a CVSS score of 8.6.
CVE-2026-53822 is a high-severity command injection vulnerability in OpenClaw before version 2026.5.18. The vulnerability occurs in the shell wrapper argv, which can change between approval and execution, allowing attackers to rebuild command arguments and potentially bypass security controls. The CVSS score for this vulnerability is 8.7, indicating a high severity.
CVE-2026-53821 is a HIGH-severity vulnerability in OpenClaw's support for trusted-proxy Control UI clients, with a CVSS score of 8.7. The issue arises from OpenClaw's acceptance of WebSocket client-declared operator scopes before binding to the server-approved pairing or trusted-proxy authorization baseline. This allows unpaired or restricted trusted-proxy Control UI clients to obt [truncated]
CVE-2026-53820 is a MEDIUM-severity exec denylist bypass vulnerability in OpenClaw's bundle MCP loopback session-spawn path. It allows authenticated callers to bypass intended command restrictions, potentially leading to unauthorized access or malicious activity.
CVE-2026-53819 is a HIGH-severity vulnerability in OpenClaw before version 2026.5.27. The vulnerability allows for arbitrary code execution during skill setup when an attacker with access to a trusted operator workspace can override the Homebrew executable selection using workspace .env files.
CVE-2026-53818 is a MEDIUM-severity vulnerability in OpenClaw, a software framework. The vulnerability exists in the MCP loopback feature and allows non-owner callers to bypass owner-only tool policies and before-tool-call hooks. This could enable attackers to execute restricted tools when the feature is enabled and reachable.
CVE-2026-53817 is a HIGH severity vulnerability in OpenClaw before 2026.5.22. The vulnerability is caused by insufficient locality-derived trust validation in Control UI pairing, allowing attackers with network access to spoof locality information and obtain durable admin-capable device tokens. This can be exploited to convert temporary shared access into persistent administrative credentials that survive [truncated]
CVE-2026-53816 is a HIGH-severity vulnerability in OpenClaw, a software framework, which was published on 2026-06-11T21:16:23.830Z and modified on 2026-06-12T20:08:26.270Z. The vulnerability has a CVSS score of 8.6 and is categorized under CWE-862. The vulnerability exists in the node event handling of OpenClaw, allowing paired nodes to forge exec lifecycle events without proper authorization, potentially [truncated]
CVE-2026-53815 is an authorization bypass vulnerability in OpenClaw before version 2026.5.19. The vulnerability affects the message read actions, where insufficient validation was performed, allowing lower-trust callers to request messages from channels not intended for them. This could potentially expose sensitive channel messages. The vulnerability has a CVSS score of 7.1 and is considered HIGH severity.
CVE-2026-53814 is a high-severity privilege escalation vulnerability in OpenClaw before version 2026.5.20. The vulnerability occurs when hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. This allows attackers with a valid hook token to exploit the /hooks/agent endpoint, potentially leading to the execution of privileged actions such as per [truncated]
CVE-2026-53813 is a HIGH-severity path traversal vulnerability in OpenClaw. The vulnerability exists in the memory-core artifact loading process, where an attacker with access to an affected workspace can load artifacts from unintended local locations. This could potentially allow the execution of malicious code or access to sensitive data.
CVE-2026-53812 is a medium-severity server-side request forgery vulnerability in OpenClaw before version 2026.5.18. Authenticated users can bypass private-network navigation checks through Playwright act interactions, allowing attackers to trigger navigation to private-network targets via action-triggered redirects and read restricted page content using browser evaluation capabilities.