CVE-2026-53806
Severity: HIGH
OpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation
Title source: CNA description
OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling unauthorized command execution when the affected feature is enabled.
References (2)
Vendor Advisory (patch)
GitHub Security Advisory (GHSA-vxx3-6hc9-7cc3)
https://github.com/openclaw/openclaw/security/advisories/GHSA-vxx3-6hc9-7cc3
Third Party Advisory
https://www.vulncheck.com/advisories/openclaw-shell-option-parsing-bypass-in-exec-revalidation
Scores
CVSS v3: 8.8
EPSS: 0.0040
EPSS Percentile: 31.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition)
Status: published
Products (3)
OpenClaw/OpenClaw < 2026.5.12
openclaw/openclaw < 2026.5.12
OpenClaw/OpenClaw 2026.5.12
Published: Jun 11, 2026
Tracked Since: Jun 12, 2026