CVE-2026-53831
Status: Received - Intake
Policy Enforcement Bypass in OpenClaw via Shell Expansion

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: VulnCheck

Description
OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.
Meta Information
Generated: 2026-06-13
AI Q&A generated: 2026-06-13
EPSS evaluated: N/A
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.5.18 (excluding)
CWE
CWE-367: The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Compliance Impact

The vulnerability allows authenticated operators to exploit shell metacharacters to read unintended node-local files and expose sensitive configuration data. This exposure of sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls on access to and protection of sensitive information.

However, specific impacts on compliance with these standards are not detailed in the provided information.

Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.18 and involves a flaw in the policy enforcement of the system.run safe-bin allowlist validation. Specifically, it allows shell expansion to alter how commands are interpreted on POSIX nodes.

Authenticated operators can exploit this by using shell metacharacters within approved commands, which enables them to read unintended local files on the node and potentially expose sensitive configuration data.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive configuration data by allowing authenticated users to bypass intended command restrictions.

This exposure of sensitive local files could compromise system security, potentially leading to further exploitation or unauthorized access.
