CVE-2026-53814
Analyzed Analyzed - Analysis Complete

Privilege Escalation in OpenClaw via Hook Token Misuse

Vulnerability report for CVE-2026-53814, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-12

Assigner: VulnCheck

Description

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-12
Generated
2026-07-02
AI Q&A
2026-06-12
EPSS Evaluated
2026-06-30
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.20 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.20 and involves a privilege escalation issue. Specifically, hook-triggered agents that run incorrectly receive owner-scoped MCP loopback authority instead of the intended hook-appropriate scope. This means that attackers who have a valid hook token can exploit the /hooks/agent endpoint to cause spawned command-line interface (CLI) runtimes to access or invoke MCP tools that should only be accessible by the owner.

As a result, attackers may be able to execute privileged actions, such as modifying persistent cron states, which they should not normally be authorized to perform.

Impact Analysis

This vulnerability can allow an attacker with a valid hook token to escalate their privileges and perform unauthorized actions on the affected system.

  • Attackers can access or invoke owner-only MCP tools.
  • They may execute privileged commands, such as modifying persistent cron jobs.
  • This could lead to unauthorized system changes, persistence of malicious activities, and potential compromise of system integrity.
Mitigation Strategies

To mitigate this vulnerability, users should upgrade OpenClaw to version 2026.5.20 or later where the issue is patched.

  • Keep hook tokens secret to prevent unauthorized access.
  • Restrict network access to the /hooks/agent endpoint to trusted sources only.
  • Disable hooks when they are not needed to reduce the attack surface.
Compliance Impact

The vulnerability allows attackers with a valid hook token to escalate privileges and perform unauthorized actions such as accessing owner-only MCP tools and modifying persistent cron state. This can lead to unauthorized access and manipulation of sensitive system functions, potentially impacting the confidentiality and integrity of data.

Such unauthorized privilege escalation and potential data manipulation could negatively affect compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and system integrity.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Detection Guidance

Detection of this vulnerability involves checking if your OpenClaw deployment is running a version prior to 2026.5.20 and if the /hooks/agent endpoint is accessible with a valid hook token.

You should verify whether hooks are enabled and if the hook-triggered CLI runs are inheriting owner-scoped MCP loopback authority incorrectly.

Since the vulnerability involves exploitation via the /hooks/agent endpoint, monitoring network traffic for unauthorized or suspicious access to this endpoint can help detect potential exploitation attempts.

Suggested commands to assist detection might include:

  • Checking OpenClaw version: `openclaw --version` or equivalent to confirm if the version is older than 2026.5.20.
  • Testing accessibility of the /hooks/agent endpoint: `curl -v http://<openclaw-server>/hooks/agent` to see if the endpoint is reachable.
  • Monitoring network connections or logs for usage of hook tokens or suspicious CLI runtime spawns related to hooks.

It is also recommended to restrict network access to the /hooks/agent endpoint and disable hooks if not needed to reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53814. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart