CVE-2026-53861
Received Received - Intake
OpenClaw macOS Swift exec Allowlist Bypass via Combined POSIX Flags

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: VulnCheck

Description
OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator configuration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-53861
EUVD
EUVD-2026-37163
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-53861 is an allowlist bypass vulnerability in OpenClaw versions before 2026.5.6 affecting the macOS Swift exec feature. The vulnerability arises because the allowlist check misses combined POSIX inline-command flags, allowing attackers to execute shell commands outside the intended restrictions.

This means that by using combined flag forms, an attacker can bypass the security controls designed to restrict command execution, potentially running unauthorized commands depending on how the operator has configured the system.

Impact Analysis

This vulnerability can lead to unauthorized command execution on affected systems, which may compromise the confidentiality and integrity of data.

The CVSS scores indicate a moderate severity with potential high impact on confidentiality and integrity but no impact on availability.

Exploitation requires local access, low complexity, low privileges, and user interaction, meaning an attacker with limited access could still leverage this flaw if conditions are met.

Depending on the operator's configuration and the presence of lower-trust input reaching the vulnerable path, attackers might execute unauthorized shell commands, potentially leading to data exposure or manipulation.

Mitigation Strategies

To mitigate the vulnerability in OpenClaw before version 2026.5.6, you should upgrade to version 2026.5.6 or later where the issue is fixed.

  • Restrict channel and tool allowlists to reduce exposure.
  • Avoid using shared Gateways for untrusted users.
  • Disable the macOS Swift exec feature if it is not necessary.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53861. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart