CVE-2026-53850
Status: Received - Intake
Control Scope Bypass in OpenClaw Focus Command

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: VulnCheck

Description
OpenClaw before 2026.4.25 contains a control scope enforcement bypass in the focus command: an authenticated caller can execute the command without the authorization check that should confirm the caller's control scope covers it. An attacker can therefore trigger the focus command to change focus state outside the caller's intended authority; what that enables beyond the focus change itself depends on the gateway configuration and on how much trust the gateway places in its inputs.
Meta Information
Published: 2026-06-16
Last Modified: 2026-06-16
Generated: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE

Vendor     Product     Version / Range
openclaw   openclaw    all versions before 2026.4.25 (2026.4.25 itself is not affected)
CWE
CWE-862 (Missing Authorization): The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Instant insights powered by AI
Executive Summary

CVE-2026-53850 is a vulnerability in OpenClaw versions before 2026.4.25 in which the focus command runs without the control scope enforcement that should restrict its use. Any authenticated caller can invoke it, whether or not that caller's control scope includes changing focus state.

An attacker who already holds a low-privileged authenticated identity can trigger the command, with no user interaction, to change the focus state beyond what that identity is authorized to control. The flaw is an integrity issue: what an unauthorized focus change leads to depends on how the gateway is configured and how much trust it places in its inputs.

The issue is specific to the focus command. OpenClaw's trusted-operator model otherwise treats authenticated operators and plugins as trusted; the bypass matters where that assumption is stretched, for example when a gateway is shared by callers that are all authenticated but not all equally authorized.

Impact Analysis

An authenticated user with low privileges can bypass the authorization control on the focus command and execute it outside the scope intended for that user.

The primary impact is on integrity: an unauthorized change to the focus state can lead to further unauthorized operations, depending on how the gateway is configured and how much trust is placed in its input sources.

Confidentiality and availability are not directly affected.

  • Potential unauthorized modifications to system state.
  • Exploitation requires local access with low attack complexity and no user interaction.
Detection Guidance

The vulnerability is the focus command being executed for authenticated callers without an authorization check, so detection means auditing focus command invocations and comparing each one against the authority the caller was actually granted: an invocation by a caller whose control scope does not include focus is the signal.

Because exploitation requires local access and only low privileges, the relevant sources are OpenClaw's command usage logs and the host's audit logs covering focus command invocations. Review these for focus changes made by callers other than the trusted operators expected to make them.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

Until the system is patched, restrict access to the focus command to trusted operators only.

  • Keep channel and tool allowlists narrow to limit exposure.
  • Avoid sharing Gateways between untrusted users.
  • Disable the focus command feature if it is not necessary.

Upgrading to OpenClaw 2026.4.25 or later resolves the vulnerability.
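The authorization gap this page describes, together with the detection guidance above, shown as an added Python example that is not OpenClaw's code. A toy gateway's dispatch_vulnerable method runs the focus command after authentication but with no control scope check (the CWE-862 pattern), dispatch_hardened denies any command whose required scope the caller was not granted, and out_of_scope_focus_events scans constructed JSON-lines audit records for focus executions by callers lacking the focus scope. The Caller and Gateway names, the COMMAND_SCOPES map, the scope names "read" and "focus", and the audit record layout are all assumptions made for this example; OpenClaw's real dispatcher, scope names and log format are not described on this page.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Caller:
    """An authenticated principal and the control scopes granted to it (assumed model)."""
    name: str
    scopes: frozenset


class ControlScopeError(PermissionError):
    """Raised when a caller invokes a command outside its control scope."""


class Gateway:
    """Toy gateway holding a single focus state; constructed for this example only."""

    # Scope each command requires. Commands absent from this map are denied by default.
    COMMAND_SCOPES = {"status": "read", "focus": "focus"}

    def __init__(self):
        self.focus = "default"
        self.audit = []  # JSON-lines audit records, one per dispatch (constructed format)

    def _record(self, caller, command, target, outcome):
        self.audit.append(json.dumps(
            {"caller": caller.name, "command": command, "target": target, "outcome": outcome}))

    def _execute(self, caller, command, target):
        if command == "focus":
            self.focus = target
        self._record(caller, command, target, "executed")
        return self.focus

    def dispatch_vulnerable(self, caller, command, target=None):
        """CWE-862 pattern: the caller was authenticated upstream but is never authorized."""
        return self._execute(caller, command, target)

    def dispatch_hardened(self, caller, command, target=None):
        """Check the command's required scope against the caller's grants before running it."""
        required = self.COMMAND_SCOPES.get(command)
        if required is None or required not in caller.scopes:
            self._record(caller, command, target, "denied")
            raise ControlScopeError(f"{caller.name} lacks the scope required for {command!r}")
        return self._execute(caller, command, target)


def out_of_scope_focus_events(audit_lines, scopes_by_caller):
    """Return audit records where focus executed for a caller never granted the focus scope.

    The audit records do not carry scopes, so the caller-to-scope mapping comes from
    the gateway configuration (assumed to be available to the reviewer).
    """
    hits = []
    for line in audit_lines:
        rec = json.loads(line)
        if rec["command"] != "focus" or rec["outcome"] != "executed":
            continue
        if "focus" not in scopes_by_caller.get(rec["caller"], frozenset()):
            hits.append(rec)
    return hits


def demo():
    """Exercise both dispatch paths and run the detector over the resulting audit log."""
    operator = Caller("operator", frozenset({"read", "focus"}))
    reader = Caller("plugin-reader", frozenset({"read"}))  # authenticated, no focus scope
    scopes = {c.name: c.scopes for c in (operator, reader)}

    gw = Gateway()
    # Unchecked path: the low-privileged caller moves focus anyway.
    before_fix = gw.dispatch_vulnerable(reader, "focus", "secrets-pane")
    # Checked path: the operator succeeds, the reader is denied and focus is unchanged.
    gw.dispatch_hardened(operator, "focus", "dashboard")
    try:
        gw.dispatch_hardened(reader, "focus", "secrets-pane")
        after_fix = "allowed"
    except ControlScopeError:
        after_fix = "denied"
    findings = out_of_scope_focus_events(gw.audit, scopes)
    return {
        "before_fix": before_fix,
        "after_fix": after_fix,
        "focus": gw.focus,
        "findings": [f["caller"] for f in findings],
    }


if __name__ == "__main__":
    print(demo())
```

demo() returns the pane the reader switched to through the unchecked path, "denied" for the same call through the checked path, the operator's "dashboard" as the final focus, and the reader's name as the single detection finding. The hardened dispatcher also denies commands missing from COMMAND_SCOPES, so a newly added command is unauthorized until a required scope is declared for it, which is the deny-by-default behaviour a narrow tool allowlist is meant to give you.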
