{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-53829: OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-53829","status":"final","version":"1","initial_release_date":"2026-06-12T21:56:55.064Z","current_release_date":"2026-06-12T21:56:55.064Z","revision_history":[{"date":"2026-06-12T21:56:55.064Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-53829 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-53829"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-53829"},{"category":"external","summary":"GitHub Security Advisory (GHSA-xww8-gqvh-92x9)","url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xww8-gqvh-92x9"},{"category":"external","summary":"VulnCheck Advisory: OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display","url":"https://www.vulncheck.com/advisories/openclaw-command-truncation-in-exec-approval-display"}]},"product_tree":{"branches":[{"category":"vendor","name":"OpenClaw","branches":[{"category":"product_name","name":"OpenClaw","branches":[{"category":"product_version_range","name":"<2026.5.18","product":{"name":"OpenClaw OpenClaw <2026.5.18","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*"}}},{"category":"product_version","name":"2026.5.18","product":{"name":"OpenClaw OpenClaw 2026.5.18","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-53829","title":"OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display","notes":[{"category":"description","text":"OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"],"fixed":["CSAFPID-2"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","baseScore":8.5,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 2026.5.18.","product_ids":["CSAFPID-1"]}]}]}