{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-53819: OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-53819","status":"final","version":"1","initial_release_date":"2026-06-11T20:10:24.289Z","current_release_date":"2026-06-13T03:55:44.145Z","revision_history":[{"date":"2026-06-11T20:10:24.289Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-53819 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-53819"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-53819"},{"category":"external","summary":"GitHub Security Advisory (GHSA-8wg3-5mcm-fjq8)","url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8wg3-5mcm-fjq8"},{"category":"external","summary":"vulncheck.com","url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-homebrew-executable-execution-via-workspace-env-override"}]},"product_tree":{"branches":[{"category":"vendor","name":"OpenClaw","branches":[{"category":"product_name","name":"OpenClaw","branches":[{"category":"product_version_range","name":"<2026.5.27","product":{"name":"OpenClaw OpenClaw <2026.5.27","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*"}}},{"category":"product_version","name":"2026.5.27","product":{"name":"OpenClaw OpenClaw 2026.5.27","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-53819","title":"OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override","notes":[{"category":"description","text":"OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"],"fixed":["CSAFPID-2"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","baseScore":8.7,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 2026.5.27.","product_ids":["CSAFPID-1"],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8wg3-5mcm-fjq8"}]}]}