CVE-2026-53819 (Severity: HIGH, CNA: VulnCheck)

CVE-2026-53819: OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

Metrics

  • CVSS v4.0: 8.7
  • Severity: HIGH
  • Fixed in: 2026.5.27
  • Affected products: 1


HarborGuard Analysis

Synopsis

An arbitrary code execution vulnerability affects OpenClaw before version 2026.5.27. The flaw is reachable over the network and requires no authentication, but a victim must take an action during skill installation for the attack to succeed; specifically, a workspace .env file can be crafted to override the Homebrew executable selection, causing an unintended executable to run during skill setup. Successful exploitation gives an attacker full read, write, and availability impact on the host running OpenClaw. A patched-image rebuild at version 2026.5.27 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-53819 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle OpenClaw, in both registry scans and CI/CD pipeline checks.

Triage: Available

HarborGuard scores this CVE at CVSS v4.0 8.7 (HIGH) and weights it against each environment's configured compliance policy to determine routing priority. Triage findings are delivered to the appropriate team inbox within each customer organization based on image ownership and policy rules.

Patch: Available

A patched-image rebuild at OpenClaw version 2026.5.27 is available on HarborGuard for any environment running an affected version. For customers who opt into auto-remediation, HarborGuard will trigger a rebuild, run a regression test suite against the new image, and open a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the target service over the network to deliver a malicious workspace .env file to the victim.

  • Authentication: Not required

    No credentials or account are needed; the attack can be initiated by an unauthenticated remote party.

  • Victim interaction: Required

    A user on the target system must trigger the skill install flow, such as opening or processing the malicious workspace, for the override to take effect.

  • Attack complexity: Low (AC:L)

    Exploitation is reliable and condition-free once the victim interacts; no race conditions or special environmental factors are required.

Blast Radius

  • A successful attacker executes arbitrary Homebrew-compatible binaries under the context of the user running OpenClaw, gaining full control over that process.
  • All data readable by the OpenClaw process is exposed, including environment variables, secrets loaded from .env files, and any files accessible to that user.
  • An attacker can write or modify files on the host, including replacing binaries, altering configuration, or planting persistence mechanisms.
  • The OpenClaw process and any services it manages can be crashed or destabilized, disrupting skill setup workflows and dependent operations.

How HarborGuard Handles This

Available on HarborGuard: any image containing OpenClaw below version 2026.5.27 is flagged immediately upon ingestion of this advisory. For customers who opt into auto-remediation, HarborGuard will rebuild the affected image at the fixed version 2026.5.27, run a regression test pass, and open a pull request against affected workloads. For HIGH-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit automatic remediation, the finding is routed to the appropriate team inbox with the fix version noted so engineers can act manually. Until a rebuild is deployed, compensating controls include restricting which users can introduce or modify workspace .env files, applying file-integrity monitoring on Homebrew executable paths, and isolating OpenClaw worker processes with tight filesystem permissions to limit what an overridden executable can reach.


Fix available: 2026.5.27

Affected packages
  • OpenClaw / OpenClaw: < 2026.5.27 (from 0); fixed in 2026.5.27

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N