CVE-2026-53816

Insufficient Provenance Validation in OpenClaw Node Event Handling

Vulnerability report for CVE-2026-53816, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-12

Assigner: VulnCheck

Description

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering target sessions into exec-event paths that expose capabilities the reduced node surface should not provide.


Meta Information

Published
2026-06-11
Last Modified
2026-06-12
Generated
2026-07-02
AI Q&A
2026-06-12
EPSS Evaluated
2026-06-30

Affected Vendors & Products

Showing 1 associated CPE

Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.5.18 (excluding)

Exploitability

CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.18 and involves insufficient provenance validation in node event handling.

Specifically, paired nodes can forge exec lifecycle events without requiring system.run authorization.

A malicious or compromised paired node can send crafted node.event messages to the gateway, which can steer target sessions into exec-event paths that expose capabilities that should not be available given the reduced node surface.

Impact Analysis

This vulnerability can allow a malicious or compromised paired node to execute unauthorized lifecycle events on target sessions.

As a result, it exposes capabilities that are supposed to be restricted, potentially leading to unauthorized actions or access within the system.

Compliance Impact

The vulnerability in OpenClaw allows a paired node to forge exec lifecycle events without system.run authorization, which can lead to unauthorized access to and manipulation of target sessions.

Such unauthorized access and potential exposure of sensitive capabilities could impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and system integrity.

However, the vulnerability requires control over a paired node connection and does not allow unauthenticated access, which may limit the scope of compliance impact depending on the environment and controls in place.

Mitigation by upgrading to the patched version and ensuring trusted paired nodes is essential to maintain compliance with these standards.

Mitigation Strategies

To mitigate this vulnerability, the primary step is to upgrade OpenClaw to version 2026.5.18 or later, where the issue has been patched.

Additionally, ensure that all paired nodes are trusted, as the vulnerability requires control over a paired node connection to be exploited.
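The missing check the description and mitigation sections refer to, shown as an added model of a gateway's node.event dispatcher. This is illustrative code written for this page, not OpenClaw's implementation; the event kind names, the `grants` field and the message shape are assumptions.

```python
# Model of a gateway dispatching node.event messages into target sessions.
# Assumed names: EXEC_LIFECYCLE_EVENTS, PairedNode.grants, event["kind"].
from dataclasses import dataclass, field

# Assumed exec lifecycle event kinds; the real names are not on the page.
EXEC_LIFECYCLE_EVENTS = {"exec.started", "exec.output", "exec.finished"}


@dataclass
class PairedNode:
    node_id: str                                 # identity bound to the connection
    grants: set = field(default_factory=set)     # e.g. {"system.run"}


@dataclass
class Session:
    session_id: str
    log: list = field(default_factory=list)


class Gateway:
    def __init__(self):
        self.sessions = {}

    def handle_node_event_vulnerable(self, node, session_id, event):
        # CWE-862 pattern: the event is routed on its contents alone.
        # The gateway trusts whatever the node claims and never asks whether
        # exec lifecycle events require system.run from this sender.
        self.sessions[session_id].log.append((event["kind"], node.node_id))
        return True

    def handle_node_event(self, node, session_id, event):
        # Hardened: use the identity bound to the connection (node), not any
        # origin field inside the message, and gate exec lifecycle kinds on
        # the system.run grant before they can reach a target session.
        session = self.sessions.get(session_id)
        if session is None:
            return False
        kind = event.get("kind", "")
        if kind in EXEC_LIFECYCLE_EVENTS and "system.run" not in node.grants:
            session.log.append(("rejected", kind, node.node_id))
            return False
        session.log.append((kind, node.node_id))
        return True
```

The rejected entries in `Session.log` are the place a detection rule would look: a paired node without system.run repeatedly emitting exec.* events toward sessions it does not own.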
