CVE-2026-53829
Analyzed Analyzed - Analysis Complete

Approval Display Truncation in OpenClaw

Vulnerability report for CVE-2026-53829, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-12

Last updated on: 2026-06-16

Assigner: VulnCheck

Description

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-12
Last Modified
2026-06-16
Generated
2026-07-03
AI Q&A
2026-06-13
EPSS Evaluated
2026-07-02
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.18 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-451 The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.18 and involves an approval display truncation issue.

Authenticated users can exploit this by submitting oversized exec commands that have benign prefixes and malicious suffixes.

Because the approval display truncates the command, approvers only see the benign part and may unknowingly approve commands that contain hidden malicious operations.

Impact Analysis

The vulnerability can lead to unauthorized operations being executed after approval because malicious command suffixes are hidden from approvers.

This can result in a high impact on confidentiality, integrity, and availability of the affected system, as indicated by the high CVSS scores.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53829. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart