Arbitrary Code Execution Vulnerability in OpenClaw Product by OpenClaw
CVE-2026-53819

8.7HIGH

Key Information:

Vendor

Openclaw

Status
Vendor
CVE Published:
11 June 2026

What is CVE-2026-53819?

OpenClaw, prior to version 2026.5.27, is susceptible to a vulnerability that allows arbitrary code execution through the skill installation process. This vulnerability arises when workspace .env files have the ability to manipulate the selection of Homebrew executables. When attackers gain access to trusted operator workspaces, they can exploit this flaw to execute unauthorized Homebrew-compatible programs during the setup of skills, potentially leading to system compromise.

Affected Version(s)

OpenClaw 0 < 2026.5.27

OpenClaw 2026.5.27

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

侯海飞 (@feynman-hou)
.