
OpenClaw CVE-2026-53864

EUVD-2026-37166 · HIGH
Incomplete List of Disallowed Inputs (CWE-184)
2026-06-16 · VulnCheck · GHSA-vr6h-vxqj-3pjx
7.6 (CVSS 4.0) · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck) PRIMARY
7.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.1 HIGH

Exploitation requires write access to workspace env sources, so AV:L and PR:L; sanitizer bypass is deterministic (AC:L); confidentiality and integrity high via child-process control, no availability impact.

CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS 4.0: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

  • Patch available: Jun 16, 2026 - 20:02 (EUVD)
  • Analysis Generated: Jun 16, 2026 - 18:51 (vuln.today)

Description (CVE.org)

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious Node.js control variables to influence child processes or coverage output paths.

Analysis (AI)

An environment variable sanitization weakness in OpenClaw prior to 2026.5.26 lets attackers smuggle Node.js control variables (such as NODE_OPTIONS) past the host environment sanitizer, enabling them to influence child-process behavior and coverage output paths. Attackers must have write access to workspace .env files, tool environment overrides, or skill environment blocks, and no public exploit is identified at the time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Gain write access to workspace env source
  • Delivery: Inject Node.js control variable (e.g., NODE_OPTIONS)
  • Exploit: Sanitizer fails to strip variable
  • Execution: OpenClaw spawns Node.js child
  • Persist: Malicious module preloaded or coverage path redirected
  • Impact: Code execution or arbitrary file overwrite under OpenClaw user

Vulnerability Assessment (AI)

Exploitation: Attacker must control at least one of three specific OpenClaw input channels: workspace .env files, tool environment override files, or skill environment blocks, all of which require pre-existing write access to the OpenClaw workspace or configuration surface. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 score of 7.6 is driven by VC:H/VI:H with PR:L and AT:P, meaning the vendor treats this as authenticated abuse with specific attack requirements (control over an env source). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: A lower-privileged developer or skill author on a shared OpenClaw workspace commits a .env file or skill environment block that defines NODE_OPTIONS pointing at a malicious --require module stored elsewhere in the repository. When OpenClaw next spawns a Node.js child process, the sanitizer fails to drop the variable, the attacker's module is preloaded into the child, and coverage output paths can be redirected to overwrite arbitrary files writable by the OpenClaw user. …

Remediation: Vendor-released patch: upgrade OpenClaw to 2026.5.26 or later, per advisory GHSA-ccwh-wwpp-6wg5 (https://github.com/openclaw/openclaw/security/advisories/GHSA-ccwh-wwpp-6wg5). … Detailed patch versions, workarounds, and compensating controls in full report.
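The weakness class behind this advisory (CWE-184, an incomplete list of disallowed inputs) is easier to see in code. The following Node.js snippet is an added defensive illustration, not OpenClaw's sanitizer: it places a denylist-based sanitizer beside an allowlist-based one and shows which runtime-control variables each lets through to a child process. The advisory does not state which variable bypassed OpenClaw's check, so the unlisted variable (NODE_TLS_REJECT_UNAUTHORIZED) and the sample env values are constructed for the example.

```javascript
// Added example, not OpenClaw's code: a denylist sanitizer (the CWE-184 pattern)
// beside an allowlist sanitizer for a child-process environment. Which variable
// bypassed OpenClaw's sanitizer is not stated; the unlisted one here is constructed.

// Denylist of well-known Node.js control variables. Any omission is a bypass.
const NODE_CONTROL_DENYLIST = new Set([
  "NODE_OPTIONS",     // injects runtime flags such as --require into every child
  "NODE_PATH",        // alters module resolution
  "NODE_V8_COVERAGE", // redirects coverage output to a chosen directory
]);

// Weak sanitizer: removes only the names on the list.
function sanitizeWithDenylist(untrustedEnv) {
  const out = {};
  for (const [key, value] of Object.entries(untrustedEnv)) {
    if (!NODE_CONTROL_DENYLIST.has(key)) out[key] = value;
  }
  return out;
}

// Whole runtime-control namespaces are never forwarded, even if a caller
// lists one of them as allowed by mistake.
const RESERVED_PREFIX = /^(NODE_|UV_|NPM_CONFIG_)/;

// Hardened sanitizer: forwards only explicitly allowed, well-formed names.
function sanitizeWithAllowlist(untrustedEnv, allowedKeys) {
  const allowed = new Set(allowedKeys);
  const env = {};
  const rejected = [];
  for (const [key, value] of Object.entries(untrustedEnv)) {
    const wellFormed = /^[A-Z][A-Z0-9_]*$/.test(key);
    if (!wellFormed || !allowed.has(key) || RESERVED_PREFIX.test(key)) rejected.push(key);
    else env[key] = value;
  }
  return { env, rejected };
}

// Constructed sample of what a workspace .env or skill environment block might supply.
const UNTRUSTED_ENV = {
  API_BASE_URL: "https://api.example.invalid",
  NODE_OPTIONS: "--require ./preload.js",
  NODE_V8_COVERAGE: "/tmp/coverage",
  NODE_TLS_REJECT_UNAUTHORIZED: "0", // not on the denylist; disables TLS verification
};

// Lists the runtime-control variables that survived sanitization.
function leakedControlVars(sanitizedEnv) {
  return Object.keys(sanitizedEnv).filter((k) => RESERVED_PREFIX.test(k));
}
```

Running both sanitizers over UNTRUSTED_ENV shows the denylist dropping NODE_OPTIONS and NODE_V8_COVERAGE but forwarding NODE_TLS_REJECT_UNAUTHORIZED, while the allowlist forwards only API_BASE_URL and reports the other three as rejected.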

Recommended Action (AI)

Within 24 hours: Audit and restrict write access to workspace .env files, tool environment overrides, and skill environment blocks; enable logging of environment modifications. …


CVE-2026-53864 vulnerability details – vuln.today
