OpenClaw EUVD-2026-36325 | CVE-2026-53819 HIGH
Untrusted Search Path (CWE-426)
2026-06-11 · VulnCheck
8.7 · CVSS 4.0 · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Malicious skill delivered remotely (AV:N) executes only after an operator imports and installs it (UI:R); no OpenClaw authentication is required (PR:N) and resulting code execution yields full C/I/A impact.

CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Passive (P)
Scope: Not Defined (X)

Lifecycle Timeline

1. Analysis Generated: Jun 11, 2026, 21:22 (vuln.today)

Description (CVE.org)

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

Analysis (AI)

Arbitrary code execution in OpenClaw before 2026.5.27 lets attackers hijack the Homebrew executable resolved during skill installation by planting a workspace-level .env file that overrides the trusted Homebrew path. The flaw, classified as CWE-426 (Untrusted Search Path), enables full system compromise when an operator installs a tampered skill. …

Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft malicious skill with .env override
Delivery: Distribute to OpenClaw operator
Exploit: Operator installs skill
Execution: Setup invokes attacker-controlled Homebrew binary
Persist: Arbitrary code runs as operator
Impact: Host compromise

Vulnerability Assessment (AI)

Exploitation: The attacker must be able to introduce a workspace-level .env file into a trusted OpenClaw operator workspace - for example by shipping it inside a skill that the operator imports - and the OpenClaw skill-install flow must be triggered, which the CVSS 4.0 vector marks as UI:P (passive user interaction). …

Risk Assessment: The vendor CVSS 4.0 score of 8.7 with AV:N/AC:L/PR:N/UI:P and high VC/VI/VA reflects that any operator who installs a tampered skill gets full host compromise, but the UI:P requirement and the implicit need to obtain a trusted operator workspace meaningfully limit drive-by exploitation. …

Exploit Scenario: An attacker publishes or modifies a skill bundle whose workspace ships a crafted .env file that points OpenClaw's Homebrew lookup at an attacker-controlled binary placed on PATH or referenced directly. When an operator imports the skill and triggers setup, OpenClaw invokes that binary instead of the legitimate `brew`, executing arbitrary code in the operator's context. …

Remediation: Vendor-released patch: upgrade OpenClaw to 2026.5.27 or later as described in GHSA-8wg3-5mcm-fjq8 (https://github.com/openclaw/openclaw/security/advisories/GHSA-8wg3-5mcm-fjq8). …

Recommended Action (AI)

Within 24 hours: Catalog all OpenClaw deployments and document current versions across the organization. …
