CVE-2026-53829 | Severity: HIGH | CNA: VulnCheck

CVE-2026-53829: OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.

Metrics

CVSS v4.0: 8.5
Severity: HIGH
Fixed in: 2026.5.18
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a command-truncation vulnerability in OpenClaw, a tool that routes exec commands through an approval workflow. An authenticated attacker can submit a command with a benign-looking prefix followed by a malicious suffix; the approval UI truncates the display so the approver never sees the malicious portion. Once the approver clicks through, the full command, including the hidden suffix, executes with whatever privileges the exec context carries, enabling unauthorized read, write, or denial-of-service operations against the target. A patched-image rebuild at version 2026.5.18 is available on HarborGuard for environments running an affected version.
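The display-versus-execution mismatch described above, modelled as an added example (hypothetical code, not OpenClaw's): a silently truncating preview beside an approval flow that binds the approval to a digest of the full command and refuses to record approval while the preview is incomplete. The function names, the 80-character widget width and the sample command are all constructed for this illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

PREVIEW_LIMIT = 80  # assumed width of the approval widget (constructed value)


def preview_truncated(command: str) -> str:
    """Vulnerable display pattern: returns a bare prefix, so the approver
    cannot tell that the command continues past the widget."""
    return command[:PREVIEW_LIMIT]


def build_request(command: str) -> dict:
    """Hardened request: carries the full command, its length, a digest and an
    explicit flag telling the UI that the preview does not show everything."""
    return {
        "command": command,
        "length": len(command),
        "sha256": hashlib.sha256(command.encode("utf-8")).hexdigest(),
        "preview": command[:PREVIEW_LIMIT],
        "preview_incomplete": len(command) > PREVIEW_LIMIT,
    }


@dataclass(frozen=True)
class Approval:
    command_sha256: str  # bound to the whole command, never to the preview text


def approve(request: dict, approver_expanded_full_text: bool) -> Optional[Approval]:
    """Refuse to record an approval when the approver only saw an incomplete preview."""
    if request["preview_incomplete"] and not approver_expanded_full_text:
        return None
    return Approval(command_sha256=request["sha256"])


def may_execute(command: str, approval: Optional[Approval]) -> bool:
    """Executor recomputes the digest of what it is about to run and compares it
    with the approved digest; a mismatch or a missing approval is refused."""
    if approval is None:
        return False
    return hashlib.sha256(command.encode("utf-8")).hexdigest() == approval.command_sha256


def hidden_tail_length(command: str) -> int:
    """How many characters the vulnerable preview drops for a given command."""
    return len(command) - len(preview_truncated(command))


# Constructed sample: a harmless prefix padded beyond the widget width, followed
# by a second segment that a truncating preview never shows the approver.
SAMPLE = "ls -l /var/log" + " " * 100 + "; echo tail-not-shown"
```

With the constructed sample, `preview_truncated` drops the whole trailing segment, while `build_request` flags the preview as incomplete and `approve` returns no approval until the approver has expanded the full text.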

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-53829 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle OpenClaw. Any image carrying a version of OpenClaw below 2026.5.18 will be flagged in both registry scans and CI/CD pipeline checks.

Triage: Available

HarborGuard scores this finding at CVSS 8.5 (HIGH) using the published v4.0 vector and weights it against each environment's compliance policy to determine urgency and routing. Triage output, including affected image tags and suggested fix version, is routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch: Available

A rebuilt image pinned to OpenClaw 2026.5.18 becomes available on HarborGuard as soon as the upstream package is indexed. For customers with auto-remediation enabled, HarborGuard runs a regression test against the rebuilt image and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in those environments.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the OpenClaw service over the network to submit the crafted exec command.

  • Authentication: Required

    Any low-privilege account is sufficient; the attacker only needs a valid login to submit exec requests through the approval workflow.

  • Victim interaction: Required

    An approver must review and approve the truncated command display before the malicious suffix executes, making this a social-engineering vector that relies on the approver acting on incomplete information.

  • Attack complexity: Low (per the published vector)

    Exploit conditions are straightforward and reliable; no race conditions or special environmental factors are required beyond crafting an oversized command string.

Blast Radius

  • Reads data accessible to the exec context, including secrets, configuration files, and stored application data.
  • Writes or modifies files and database rows reachable by the executing process.
  • Terminates or disrupts the affected service by injecting destructive command suffixes after approval.
  • Enables lateral movement if the exec context carries credentials or tokens for adjacent systems.

How HarborGuard Handles This

Available on HarborGuard: images containing OpenClaw below 2026.5.18 are flagged automatically on every scan cycle. Where compliance policy permits auto-remediation, HarborGuard rebuilds the image at version 2026.5.18, runs a regression suite against it, and opens a pull request against each affected workload; for high-severity findings the median time from CVE publication to a merged patch PR is approximately 90 minutes in auto-remediation-enabled environments. For teams that manage patching manually, HarborGuard surfaces the finding with the exact fix version, affected image digest, and a policy-weighted priority score so the right team can act immediately. Because this vulnerability requires an authenticated user to craft a malicious submission and a separate approver to act on it, organizations that cannot patch immediately should consider restricting the exec approval feature to a tightly scoped role set and enabling out-of-band command review as a compensating control while the upgrade is scheduled.


Fix available: 2026.5.18

Affected packages
  • OpenClaw / OpenClaw
    < 2026.5.18 (from 0)
    Fixed in 2026.5.18
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N