Arbitrary Code Execution Vulnerability in OpenClaw Product by OpenClaw
CVE-2026-53819
8.7HIGH
What is CVE-2026-53819?
OpenClaw, prior to version 2026.5.27, is susceptible to a vulnerability that allows arbitrary code execution through the skill installation process. This vulnerability arises when workspace .env files have the ability to manipulate the selection of Homebrew executables. When attackers gain access to trusted operator workspaces, they can exploit this flaw to execute unauthorized Homebrew-compatible programs during the setup of skills, potentially leading to system compromise.
Affected Version(s)
OpenClaw 0 < 2026.5.27
OpenClaw 2026.5.27
