CVE-2026-53829
HIGH
OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display
Title source: cna
Description
OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.
References (2)
Core References
Vendor Advisory
GitHub Security Advisory (GHSA-xww8-gqvh-92x9)
https://github.com/openclaw/openclaw/security/advisories/GHSA-xww8-gqvh-92x9
Third Party Advisory
VulnCheck Advisory: OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display
https://www.vulncheck.com/advisories/openclaw-command-truncation-in-exec-approval-display
Scores
CVSS v3: 8.0
EPSS: 0.0022
EPSS Percentile: 12.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-451
Status: published
Products (2)
OpenClaw/OpenClaw: < 2026.5.18
OpenClaw/OpenClaw: 2026.5.18
Published: Jun 12, 2026
Tracked Since: Jun 13, 2026