CVE-2026-53808
Analyzed Analyzed - Analysis Complete

Approval Policy Bypass in OpenClaw Skill Workshop

Vulnerability report for CVE-2026-53808, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-12

Assigner: VulnCheck

Description

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before the expected approval step, potentially modifying configurations without proper authorization.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-12
Generated
2026-07-02
AI Q&A
2026-06-12
EPSS Evaluated
2026-06-30
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.6 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability involves the Skill Workshop apply flow in OpenClaw versions before 2026.5.6, where an agent tool call can bypass the approval policy by setting apply: true despite approvalPolicy: pending.

Detection would involve monitoring or auditing calls to the Skill Workshop apply path to identify if any apply requests are being made with apply: true while approvalPolicy is still pending.

Suggested detection steps include:

  • Review logs or audit trails for Skill Workshop apply requests that set apply: true without completing the approval step.
  • Restrict and monitor agent tool calls that interact with the apply flow.
  • Manually review Skill Workshop changes for unauthorized application.

No specific commands are provided in the available resources. However, general commands could include searching logs for relevant apply calls, for example using grep or similar tools on log files:

  • grep -i 'apply: true' /path/to/openclaw/logs/*
  • grep -i 'approvalPolicy: pending' /path/to/openclaw/logs/*

Further detection may require custom scripts or monitoring tools tailored to the OpenClaw environment and its logging mechanisms.

Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.6 and involves an approval policy bypass in the Skill Workshop apply flow.

Specifically, it allows agent tool calls to set the apply flag to true even when the approvalPolicy is still pending.

Attackers can exploit this flaw by accessing the affected apply path to make workshop changes before the required approval step has been completed.

This means configurations can be modified without proper authorization.

Impact Analysis

This vulnerability can impact you by allowing unauthorized changes to configurations within the OpenClaw Skill Workshop.

Because the approval step can be bypassed, attackers may modify settings or workflows without proper permission.

This could lead to potential misuse or disruption of the system's intended operations.

Compliance Impact

The vulnerability allows unauthorized modification of workshop configurations by bypassing the approval step, which could lead to improper authorization controls.

Such unauthorized changes may impact compliance with standards and regulations that require strict access controls and change management, such as GDPR and HIPAA.

However, the provided information does not explicitly discuss the direct impact on compliance with these or other common standards.

Mitigation Strategies

To mitigate the approval policy bypass vulnerability in OpenClaw before version 2026.5.6, you should:

  • Manually review Skill Workshop changes to detect unauthorized modifications.
  • Restrict the use of the agent tool that can set apply: true despite approvalPolicy: pending.
  • Keep channel and tool allowlists narrow to limit exposure.
  • Avoid sharing Gateways between untrusted users to reduce risk.
  • Disable the affected Skill Workshop apply feature when it is not needed.

Additionally, upgrading to OpenClaw version 2026.5.6 or later, which contains the patch for this vulnerability, is recommended.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53808. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart