CVE-2026-53847

MEDIUM

OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope

Title source: cna
STIX 2.1

Description

OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-x629-46cc-7xgw)
https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope
https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope

Scores

CVSS v3 5.4
EPSS 0.0018
EPSS Percentile 7.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-266
Status published
Products (5)
npm/openclaw 0 - 2026.5.6npm
openclaw/openclaw 2026.5.6 beta1
OpenClaw/OpenClaw < 2026.5.6
openclaw/openclaw < 2026.5.6
OpenClaw/OpenClaw 2026.5.6
Published Jun 16, 2026
Tracked Since Jun 17, 2026