
OpenClaw EUVD-2026-36617

CVE-2026-53829 HIGH
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
2026-06-12 VulnCheck GHSA-92qj-8g54-qmph
8.5
CVSS 4.0 · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck) PRIMARY
8.5 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.0 HIGH

Network-reachable approval workflow with a low-privileged authenticated submitter (PR:L) and a required approver click (UI:R); successful execution yields full C/I/A impact via the exec runner.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network (N)
Attack Complexity: Low (L)
Privileges Required: Low (L)
User Interaction: Active (A)
Scope: Not Defined (X)

Lifecycle Timeline

Patch available: Jun 13, 2026 - 02:00 (EUVD)
Analysis generated: Jun 12, 2026 - 22:33 (vuln.today)

Description (CVE.org)

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.

Analysis (AI)

Command approval bypass in OpenClaw versions prior to 2026.5.18 allows authenticated users to smuggle malicious instructions past human approvers by exploiting how the approval UI truncates oversized exec commands. The flaw (CWE-451, UI misrepresentation) lets an attacker craft a request with a benign-looking prefix while a malicious suffix is hidden from the reviewer's display, resulting in unauthorized execution once the request is approved. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Authenticate as a low-privileged OpenClaw user
Delivery: Craft an exec command with a benign prefix and a malicious suffix
Exploit: Submit it via the approval workflow
Install: Approver sees only the truncated benign portion
C2: Approver clicks approve
Execute: Full command executes with runner privileges
Impact: Attacker achieves unauthorized read/write/execute

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) an authenticated account on the target OpenClaw instance with permission to submit exec commands through the approval workflow (PR:L), (2) a target deployment running a version prior to 2026.5.18 with the exec-approval feature in use, and (3) a separate human approver who is tricked into approving the crafted oversized command via the truncated UI (UI:A). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:A, VC:H/VI:H/VA:H) places this at 8.5 - high impact across confidentiality, integrity, and availability, but importantly gated on two conditions: the attacker must already be an authenticated low-privileged user (PR:L), and a separate human approver must take action (UI:A). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An authenticated low-privileged OpenClaw user submits an exec request such as a long, benign-looking listing or status command padded with whitespace or filler so that the malicious tail - for example a shell metacharacter chain that exfiltrates secrets or modifies files - falls past the approval UI's visible window. A human approver, seeing only the safe prefix, approves the request, and the full command (including the hidden suffix) is executed with whatever privileges the OpenClaw exec runner holds. …

Remediation: Vendor-released patch: upgrade OpenClaw to 2026.5.18 or later, which corrects the approval-display truncation; see the GHSA at https://github.com/openclaw/openclaw/security/advisories/GHSA-xww8-gqvh-92x9 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-command-truncation-in-exec-approval-display. … Detailed patch versions, workarounds, and compensating controls in full report.
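The display-truncation pattern and the kind of fix an approval workflow needs, as an added illustration that is not OpenClaw's code and does not reflect how the vendor patched it: the vulnerable renderer drops the tail silently, while the hardened renderer collapses whitespace padding, marks truncation explicitly, flags shell metacharacters, and binds the approval to a digest of the full command so the runner only executes exactly what was approved. DISPLAY_WIDTH, the function names and the sample command are all assumptions constructed for this example.

```python
import hashlib
import re
from dataclasses import dataclass, field

DISPLAY_WIDTH = 80  # assumed width of the approver's visible window (not OpenClaw's real value)

def render_vulnerable(command: str, width: int = DISPLAY_WIDTH) -> str:
    """Vulnerable pattern (CWE-451): the tail is dropped silently, so the
    approver has no signal that more command text exists."""
    return command[:width]

@dataclass
class ApprovalView:
    shown: str            # what the approver sees
    total_len: int        # length of the real command that would run
    hidden_chars: int     # characters not visible in `shown`
    digest: str           # sha256 of the full command, bound to the approval
    warnings: list = field(default_factory=list)

def render_hardened(command: str, width: int = DISPLAY_WIDTH) -> ApprovalView:
    """Hardened rendering: collapse whitespace so padding cannot push text out
    of view, mark any truncation explicitly, and flag shell metacharacters."""
    warnings = []
    collapsed = re.sub(r"\s+", " ", command).strip()
    if collapsed != command:
        warnings.append("whitespace normalised before display")
    hidden = max(0, len(collapsed) - width)
    shown = collapsed if hidden == 0 else f"{collapsed[:width]} [... +{hidden} chars hidden]"
    if hidden:
        warnings.append(f"{hidden} characters not shown; expand before approving")
    if re.search(r"[;|&`$]", collapsed):
        warnings.append("shell metacharacters present in command")
    digest = hashlib.sha256(command.encode()).hexdigest()
    return ApprovalView(shown, len(command), hidden, digest, warnings)

def can_approve(view: ApprovalView, approver_expanded_full: bool) -> bool:
    """Approval is only valid when nothing is hidden or the approver has
    explicitly expanded and acknowledged the full command."""
    return view.hidden_chars == 0 or approver_expanded_full

def runner_accepts(command: str, approved_digest: str) -> bool:
    """The exec runner binds the approval to the full command, so a command
    that differs from what was approved (by even one byte) is refused."""
    return hashlib.sha256(command.encode()).hexdigest() == approved_digest

# Constructed sample: benign prefix, 200 spaces of padding, then a harmless tail
SAMPLE = "ls -la /var/log" + " " * 200 + "; echo hidden-suffix"
```

With the sample, `render_vulnerable` shows the approver only the listing command, while `render_hardened` surfaces the suffix and a metacharacter warning before any approval decision is made.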

Recommended Action (AI)

24 hours: Inventory all OpenClaw installations, document current versions, and identify systems processing sensitive commands through approval workflows. …

