Control Scope Enforcement Bypass in OpenClaw by OpenClaw
CVE-2026-53850

6.8MEDIUM

Key Information:

Vendor: Openclaw
Status: Openclaw
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-53850?

OpenClaw prior to version 2026.4.25 is susceptible to a control scope enforcement bypass within its focus command. This vulnerability enables authenticated users to execute the command without adhering to necessary authorization checks. As a result, malicious actors could exploit this issue to alter the focus state, effectively conducting unauthorized operations, depending on the specific gateway setup and trust levels of the input.

Affected Version(s)

OpenClaw 0 < 2026.4.25

OpenClaw 2026.4.25

References

https://github.com/openclaw/openclaw/security/advisories/...

vendor-advisory

https://www.vulncheck.com/advisories/openclaw-control-sco...

third-party-advisory

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

zsx (@zsxsoft)

KeenSecurityLab

qclawer

CVE-2026-53850 Data

JSON

Openclaw

What is CVE-2026-53850?

Affected Version(s)

References

CVSS V4

Timeline

Credit