CVE-2026-53850
Awaiting Analysis Awaiting Analysis - Queue

Control Scope Bypass in OpenClaw Focus Command

Vulnerability report for CVE-2026-53850, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: VulnCheck

Description

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-07
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.25 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-53850 is a vulnerability in OpenClaw versions before 2026.4.25 where the 'focus command' can bypass control scope enforcement. This means that authenticated users can execute the focus command without the proper authorization checks that should normally restrict its use.

Attackers with low privileges and no need for user interaction can trigger this command to change the focus state beyond what they are authorized to do. This flaw affects system integrity by allowing unauthorized modifications depending on the gateway configuration and trust levels of inputs.

The vulnerability is specific to the focus command feature and does not affect the overall trusted-operator model of OpenClaw, which assumes trusted authenticated operators and plugins unless security boundaries are crossed.

Compliance Impact

The vulnerability primarily impacts system integrity by allowing unauthorized changes to the focus state through a control scope enforcement bypass. Confidentiality and availability are not directly affected.

There is no explicit information in the provided resources about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can impact you by allowing an authenticated user with low privileges to bypass authorization controls and execute the focus command outside their intended scope.

The primary impact is on system integrity, as unauthorized changes to the focus state can lead to unauthorized operations depending on how the gateway is configured and how much trust is placed in input sources.

Confidentiality and availability are not directly affected by this vulnerability.

  • Potential unauthorized modifications to system state.
  • Exploitation requires local access with low attack complexity and no user interaction.
Detection Guidance

The vulnerability involves the focus command in OpenClaw being executed without proper authorization checks by authenticated users. Detection would involve monitoring or auditing the use of the focus command to identify unauthorized or unexpected executions.

Since exploitation requires local access and low privileges, detection can focus on command usage logs or system audit logs related to OpenClaw's focus command invocations.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include restricting access to the focus command to trusted operators only until the system is patched.

  • Keep channel and tool allowlists narrow to limit exposure.
  • Avoid sharing Gateways between untrusted users.
  • Disable the focus command feature if it is not necessary.

Applying the patched version 2026.4.25 of OpenClaw will resolve the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53850. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart