CVE-2026-53814
Received Received - Intake
Privilege Escalation in OpenClaw via Hook Token Misuse

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: VulnCheck

Description
OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-11
Last Modified
2026-06-11
Generated
2026-06-12
AI Q&A
2026-06-12
EPSS Evaluated
N/A
NVD
CVE-2026-53814
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.20 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.20 and involves a privilege escalation issue. Specifically, hook-triggered agents that run incorrectly receive owner-scoped MCP loopback authority instead of the intended hook-appropriate scope. This means that attackers who have a valid hook token can exploit the /hooks/agent endpoint to cause spawned command-line interface (CLI) runtimes to access or invoke MCP tools that should only be accessible by the owner.

As a result, attackers may be able to execute privileged actions, such as modifying persistent cron states, which they should not normally be authorized to perform.

Impact Analysis

This vulnerability can allow an attacker with a valid hook token to escalate their privileges and perform unauthorized actions on the affected system.

  • Attackers can access or invoke owner-only MCP tools.
  • They may execute privileged commands, such as modifying persistent cron jobs.
  • This could lead to unauthorized system changes, persistence of malicious activities, and potential compromise of system integrity.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53814. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart