Skip to main content

OpenClaw CVE-2026-53809

| EUVDEUVD-2026-36315 MEDIUM
Incorrect Authorization (CWE-863)
2026-06-11 VulnCheck GHSA-p39j-x9h5-q66m
4.8
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.3 LOW

Local-only attack vector and low privilege required match the embedded runner context; integrity-only, limited impact with no confidentiality or availability effect and no scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 11, 2026 - 21:33 vuln.today

DescriptionCVE.org

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider policy restrictions when the affected feature is enabled.

AnalysisAI

OpenClaw's embedded runner policy incorrectly resolves provider aliases against other aliases rather than their canonical provider identities, enabling an authenticated local user to bypass intended provider policy restrictions. When the affected provider alias feature is active, a low-privileged attacker can select bundled tool access that falls outside the scope their policy should permit, effectively sidestepping the authorization boundary. No public exploit has been identified and no active exploitation is confirmed via CISA KEV; the local attack vector and required feature enablement materially limit real-world exposure.

Technical ContextAI

OpenClaw (CPE: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*) implements an embedded runner with configurable provider policies that govern which tools and capabilities a user may invoke through a given provider. The vulnerability is rooted in CWE-863 (Incorrect Authorization): the policy enforcement engine fails to normalize provider aliases to their canonical identities before performing authorization comparisons. Because alias-to-alias comparison permits crafted alias values to sidestep the canonical identity check, the logic gate that should restrict tool access can be circumvented. The flaw is scoped entirely to the embedded runner policy subsystem and is only reachable when provider alias support is enabled in the configuration. The CVSS 4.0 local attack vector (AV:L) confirms exploitation is constrained to the local system context.

RemediationAI

Upgrade OpenClaw to version 2026.4.25 or later, which contains the vendor-released patch resolving the alias-to-canonical-identity comparison flaw; full details are at https://github.com/openclaw/openclaw/security/advisories/GHSA-p39j-x9h5-q66m. If immediate patching is not feasible, the most targeted compensating control is to disable the provider alias feature in the embedded runner policy configuration, which eliminates the vulnerable code path entirely; note that this will break any workflows that rely on provider aliases and may require reconfiguring integrations to use canonical provider identities directly. A secondary compensating control is to restrict local access to the embedded runner to only trusted, explicitly authorized users, reducing the pool of potential abusers given the PR:L prerequisite - however, this does not fix the underlying authorization logic and should not be treated as a permanent substitute for patching.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-53809 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy