CVE-2026-53819

Arbitrary Code Execution in OpenClaw via Homebrew Override

Vulnerability report for CVE-2026-53819, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-12

Assigner: VulnCheck

Description

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

Meta Information

Published: 2026-06-11
Last Modified: 2026-06-12
Generated: 2026-07-02
AI Q&A: 2026-06-12
EPSS Evaluated: 2026-06-30

Affected Vendors & Products

Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.5.27 (2026.5.27 itself excluded)

Exploitability

CWE-426 (Untrusted Search Path): The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

AI Quick Actions

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.27 and involves arbitrary code execution during skill installation processes. Specifically, workspace .env files can override the selection of the Homebrew executable. If an attacker has access to trusted operator workspaces, they can cause unintended Homebrew-compatible executables to run during skill setup, potentially compromising the system.

Impact Analysis

The vulnerability allows attackers with access to trusted operator workspaces to execute arbitrary code on the affected system. This can lead to system compromise, unauthorized actions, and potentially full control over the system where OpenClaw is running.

Detection Guidance

Detecting exposure to this vulnerability means checking whether skill install flows run in workspaces whose .env files can override the Homebrew executable selection, which is the case for any OpenClaw version before 2026.5.27.

Specifically, you should inspect workspace .env files in trusted operator environments to see if they manipulate the Homebrew executable path.

Commands to detect this might include searching the workspace tree for .env files that set or override Homebrew-related environment variables, for example:

  • grep -rn 'HOMEBREW' /path/to/workspace --include='.env'
  • grep -rn 'brew' /path/to/workspace --include='.env'

Additionally, monitoring skill install flows for execution of unexpected Homebrew-compatible executables could help detect exploitation attempts.
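As an added example (not code from this advisory or from the OpenClaw project), the checks above as a reusable POSIX sh scan: it lists and counts assignments in workspace .env files that could steer the Homebrew executable selection, and runs against a constructed sample workspace. The variable names it matches (HOMEBREW_*, PATH) and the workspace layout are assumptions.

```shell
#!/bin/sh
# Added example, not code from the advisory or the OpenClaw project: scan the
# .env files under a workspace for settings that could redirect which Homebrew
# executable a skill install flow runs. The variable names (HOMEBREW_*, PATH)
# and the literal 'brew' are assumptions; adjust them to the deployment.

# Assignments worth reviewing: any HOMEBREW_* variable, a PATH override,
# or any line that mentions brew at all.
OVERRIDE_RE='^[[:space:]]*(export[[:space:]]+)?(HOMEBREW[A-Z0-9_]*|PATH)=|brew'

# List suspicious lines of one .env file as "file:lineno:text".
# Comment lines are dropped so documentation does not trigger a hit.
scan_env_file() {
    grep -nE "$OVERRIDE_RE" "$1" 2>/dev/null \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | sed "s|^|$1:|"
    return 0
}

# Scan every .env file below a workspace directory (paths without spaces).
scan_workspace() {
    for f in $(find "$1" -type f -name '.env' 2>/dev/null | sort); do
        scan_env_file "$f"
    done
}

# Number of suspicious lines, so a caller can alert on a non-zero count.
count_overrides() {
    scan_workspace "$1" | wc -l | tr -d ' '
}

# Build a constructed sample workspace in a temp dir and print its path.
# The contents are made up for this example; they are not real findings.
make_sample_workspace() {
    d=$(mktemp -d)
    mkdir -p "$d/skills/demo"
    cat > "$d/.env" <<'EOF'
# workspace settings (constructed sample)
API_URL=https://example.invalid
HOMEBREW_PREFIX=/tmp/not-really-homebrew
EOF
    printf 'PATH=/tmp/untrusted-bin:/usr/bin\n' > "$d/skills/demo/.env"
    printf '%s\n' "$d"
}

# Demo on the constructed workspace; only the temp dir is touched.
demo=$(make_sample_workspace)
scan_workspace "$demo"
echo "suspicious lines: $(count_overrides "$demo")"
rm -rf "$demo"
```

A non-zero count is a review prompt, not proof of exploitation: a legitimate operator may set these variables on purpose, so each hit should be compared against the workspace's expected configuration.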

Mitigation Strategies

Immediate mitigation steps include upgrading OpenClaw to version 2026.5.27 or later, where this vulnerability is patched.

Until the patch is applied, avoid running skill install flows from untrusted workspaces.

Implement general hardening measures such as:

  • Keeping channel and tool allowlists narrow.
  • Avoiding shared Gateways between untrusted users.
  • Disabling the affected feature (workspace .env override of Homebrew executable selection) when it is unnecessary.
