What is the CVSS score of CVE-2026-27486?

CVE-2026-27486 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of AI / ML are affected by CVE-2026-27486?

Organizations using OpenClaw should be aware of moderate risk from CVE-2026-27486 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.. A patch is available.

AI / ML CVE-2026-27486

MEDIUM

Unverified Ownership (CWE-283)

2026-02-21 security-advisories@github.com

GHSA-jfv4-h8mc-jcp8

Information Disclosure AI / ML Openclaw

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

Patch released

Feb 24, 2026 - 16:53 nvd

Patch available

CVE Published

Feb 21, 2026 - 10:16 nvd

MEDIUM 5.3

DescriptionNVD

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes can be terminated if they match the pattern. The CLI runner cleanup helpers can kill processes matched by command-line patterns without validating process ownership. This issue has been fixed in version 2026.2.14.

AnalysisAI

OpenClaw CLI versions 2026.2.13 and earlier terminate processes based on command-line pattern matching without verifying process ownership, allowing unrelated processes to be killed on shared hosts. An attacker or unprivileged user on a multi-tenant system could leverage this to disrupt services or cause denial of service by triggering process cleanup routines that match their target applications. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27486 vulnerability details – vuln.today

Back

AI / ML CVE-2026-27486

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code