How is CVE-2026-53822 exploited?

Network reachability (required): The attacker must reach the OpenClaw service over the network; the CVSS vector specifies AV:N, meaning no local or physical access is assumed. Authentication (required): A low-privilege account is sufficient; the vector specifies PR:L, so no admin credentials are needed, but the attacker must be authenticated. Victim interaction (not-required): No user interaction is needed; the attacker can trigger the race window between approval and execution without involving another party. Attack complexity (info): Attack complexity is rated Low (AC:L), meaning the exploit is reliable and does not depend on race-condition timing luck or specific memory layout; the approval-to-execution window is consistently exploitable.

What is the impact of CVE-2026-53822?

The attacker executes arbitrary shell commands outside the approved allowlist, gaining the same OS-level privileges as the OpenClaw wrapper process. Confidential data accessible to that process, such as environment variables, secrets, and files on the host, can be read and exfiltrated. The attacker can modify files, configuration, or state that the wrapper process has write access to, corrupting application data or injecting malicious payloads. The wrapper process can be used to crash or destabilize services that depend on it, causing availability loss for workloads relying on OpenClaw for command orchestration.

Back to search

HIGHCVE-2026-53822Published 2026-06-12Modified 2026-06-15CNA VulnCheck

CVE-2026-53822: OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution

Q: What is CVE-2026-53822?

This is a command injection vulnerability in OpenClaw, a shell wrapper tool, affecting all versions before 2026.5.18. An authenticated attacker can reach the vulnerable endpoint over the network and manipulate command arguments in the window between allowlist approval and actual execution, causing the wrapper to run a different command shape than the one that was approved. Successful exploitation lets the attacker execute arbitrary unapproved commands, bypassing the allowlist security control entirely. A patched-image rebuild at version 2026.5.18 is available on HarborGuard for affected environments.

Q: How is CVE-2026-53822 fixed?

A patched-image rebuild pinned to OpenClaw 2026.5.18 becomes available on HarborGuard as soon as the fix version is confirmed in the upstream feed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: 2026.5.18
Affected Products: 1

HarborGuard Analysis

Synopsis

This is a command injection vulnerability in OpenClaw, a shell wrapper tool, affecting all versions before 2026.5.18. An authenticated attacker can reach the vulnerable endpoint over the network and manipulate command arguments in the window between allowlist approval and actual execution, causing the wrapper to run a different command shape than the one that was approved. Successful exploitation lets the attacker execute arbitrary unapproved commands, bypassing the allowlist security control entirely. A patched-image rebuild at version 2026.5.18 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle OpenClaw. Any image running a version of OpenClaw below 2026.5.18 is flagged automatically.

Available

Triage

HarborGuard scores this CVE at CVSS 8.7 (HIGH) and weights it against each environment's compliance policy to determine urgency. Triage findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

A patched-image rebuild pinned to OpenClaw 2026.5.18 becomes available on HarborGuard as soon as the fix version is confirmed in the upstream feed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityRequired
The attacker must reach the OpenClaw service over the network; the CVSS vector specifies AV:N, meaning no local or physical access is assumed.
AuthenticationRequired
A low-privilege account is sufficient; the vector specifies PR:L, so no admin credentials are needed, but the attacker must be authenticated.
Victim interactionNot required
No user interaction is needed; the attacker can trigger the race window between approval and execution without involving another party.
Attack complexityDetail
Attack complexity is rated Low (AC:L), meaning the exploit is reliable and does not depend on race-condition timing luck or specific memory layout; the approval-to-execution window is consistently exploitable.

Blast Radius

The attacker executes arbitrary shell commands outside the approved allowlist, gaining the same OS-level privileges as the OpenClaw wrapper process.
Confidential data accessible to that process, such as environment variables, secrets, and files on the host, can be read and exfiltrated.
The attacker can modify files, configuration, or state that the wrapper process has write access to, corrupting application data or injecting malicious payloads.
The wrapper process can be used to crash or destabilize services that depend on it, causing availability loss for workloads relying on OpenClaw for command orchestration.

How HarborGuard Handles This

Available on HarborGuard: any image containing OpenClaw below version 2026.5.18 is matched against this CVE within minutes of ingest, covering both images pulled from public registries and custom-built images that vendor or embed the package. For customers who opt into auto-remediation, HarborGuard produces a rebuilt image at 2026.5.18, runs regression tests, and opens a pull request against affected workloads; for HIGH-severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Customers who manage patching manually will find the affected images listed in their HarborGuard dashboard with remediation guidance pointing to the 2026.5.18 upgrade. Where compliance policy permits, enabling network-policy isolation on the OpenClaw service boundary is a practical compensating control that limits which callers can reach the vulnerable endpoint while the upgrade is staged.

See how HarborGuard automates this

Fix available

2026.5.18

Affected packages

OpenClaw / OpenClaw
< 2026.5.18 (from 0)
Fixed in 2026.5.18

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available