CVE-2026-53806
Received - Intake
Shell Option Parsing Bypass in OpenClaw

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: VulnCheck

Description
OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling unauthorized command execution when the affected feature is enabled.

Meta Information
Published: 2026-06-11
Last Modified: 2026-06-11
Generated: 2026-06-12
AI Q&A: 2026-06-12
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
openclaw | openclaw | to 2026.5.12 (exc)
CWE ID | Description
CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.12 and involves a shell option parsing flaw. Specifically, it allows combined POSIX shell flags to bypass the usual exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell commands without going through the intended allowlist validation.

As a result, unauthorized command execution can occur when the affected feature is enabled.
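
An added example, not OpenClaw's code and not part of the advisory: a Python sketch of the parsing gap described above, comparing a check that only recognises a standalone `-c` with one that walks clustered short options the way a POSIX shell does. The function names, the shell list and the sample argument vectors are assumptions constructed for illustration; OpenClaw's own validation logic does not appear on this page.

```python
import os

SHELLS = {"sh", "bash", "dash", "ksh"}  # assumed list of shell basenames

def naive_inline_script(argv):
    """Flawed check: only a standalone "-c" argument counts as inline content."""
    if os.path.basename(argv[0]) in SHELLS and "-c" in argv[1:]:
        i = argv.index("-c", 1)
        return argv[i + 1] if i + 1 < len(argv) else None
    return None

def inline_script(argv):
    """Return the command string a POSIX shell takes via -c, else None.

    Short flags may be clustered ("-ec"), each "o" consumes the next
    argument, and "--" or "-" ends option parsing. Once the c flag is set,
    the first operand is the inline script, wherever "c" appeared.
    """
    if not argv or os.path.basename(argv[0]) not in SHELLS:
        return None
    has_c, i = False, 1
    while i < len(argv):
        arg = argv[i]
        if arg in ("--", "-"):
            i += 1
            break
        if len(arg) < 2 or arg[0] not in "-+":
            break  # first operand reached
        if arg.startswith("--"):
            # Long options are shell-specific; refuse rather than guess.
            raise ValueError(f"unsupported long option: {arg}")
        flags = arg[1:]
        has_c = has_c or "c" in flags   # "+c" is counted too, conservatively
        i += 1 + flags.count("o")       # skip the cluster and any -o names
    return argv[i] if has_c and i < len(argv) else None

# Constructed sample invocations (not taken from the advisory).
SAMPLES = [
    ["sh", "-c", "echo hi"],
    ["sh", "-ec", "echo hi"],
    ["sh", "-co", "errexit", "echo hi"],
    ["sh", "script.sh", "-c"],
]

if __name__ == "__main__":
    for argv in SAMPLES:
        print(argv, "naive:", naive_inline_script(argv), "full:", inline_script(argv))
```

A caller that allowlists commands should pass whatever `inline_script` returns through the same validation as any other command, and treat the `ValueError` as a denial.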

Impact Analysis

The vulnerability can lead to unauthorized command execution on systems running vulnerable versions of OpenClaw. This means attackers could potentially run arbitrary commands, which may compromise system integrity, confidentiality, and availability.
