How is CVE-2026-53831 exploited?

Network reachability (required): The vulnerable system.run endpoint is exposed over the network, so the attacker must be able to reach the OpenClaw service remotely. Authentication (required): Any low-privilege operator account is sufficient; no admin rights are needed to craft a malicious command through the allowlist. Victim interaction (not-required): The attacker submits the crafted command directly; no user action or social engineering is needed. Attack complexity (info): Base exploit logic is reliable and condition-free, though the CVSS v4.0 AT:P token indicates that specific target conditions (such as particular POSIX shell configurations) must be present on the node.

What is the impact of CVE-2026-53831?

Reads arbitrary node-local files by abusing shell expansion to escape the approved command set, exposing configuration files, secrets, and stored credentials. Reads and potentially exfiltrates sensitive data with high confidentiality impact on the vulnerable component, including API keys or authentication material embedded in config files. Modifies or overwrites node-local data with high integrity impact on the vulnerable component, as shell expansion can redirect writes beyond intended paths. Causes limited availability degradation on the vulnerable node, consistent with the low availability impact rating in the CVSS vector.

Back to search

HIGHCVE-2026-53831Published 2026-06-12Modified 2026-06-15CNA VulnCheck

CVE-2026-53831: OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

Q: What is CVE-2026-53831?

A policy enforcement vulnerability in OpenClaw's system.run safe-bin allowlist allows shell metacharacters to bypass command validation on POSIX nodes. The flaw is reachable over the network and requires low-privilege authentication; no victim interaction is needed. Successful exploitation lets an attacker read arbitrary node-local files and expose sensitive configuration data, including potential credentials or secrets. A patched-image rebuild at version 2026.5.18 is available on HarborGuard for environments running an affected version.

Q: How is CVE-2026-53831 fixed?

A patched-image rebuild at OpenClaw 2026.5.18 becomes available through HarborGuard once the fix version is confirmed against scanned images. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.

CVSS v4.0: 7.6
Severity: HIGH
Fixed in: 2026.5.18
Affected Products: 1

HarborGuard Analysis

Synopsis

A policy enforcement vulnerability in OpenClaw's system.run safe-bin allowlist allows shell metacharacters to bypass command validation on POSIX nodes. The flaw is reachable over the network and requires low-privilege authentication; no victim interaction is needed. Successful exploitation lets an attacker read arbitrary node-local files and expose sensitive configuration data, including potential credentials or secrets. A patched-image rebuild at version 2026.5.18 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-53831 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines. Coverage extends to custom-built images that bundle OpenClaw, not just upstream base images.

Available

Triage

HarborGuard scores this CVE at 7.6 HIGH using the CVSS v4.0 vector and surfaces it with per-environment compliance policy weighting applied. Triage alerts are routed to the inbox configured for the relevant team within each customer organization.

Available

Patch

A patched-image rebuild at OpenClaw 2026.5.18 becomes available through HarborGuard once the fix version is confirmed against scanned images. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityRequired
The vulnerable system.run endpoint is exposed over the network, so the attacker must be able to reach the OpenClaw service remotely.
AuthenticationRequired
Any low-privilege operator account is sufficient; no admin rights are needed to craft a malicious command through the allowlist.
Victim interactionNot required
The attacker submits the crafted command directly; no user action or social engineering is needed.
Attack complexityDetail
Base exploit logic is reliable and condition-free, though the CVSS v4.0 AT:P token indicates that specific target conditions (such as particular POSIX shell configurations) must be present on the node.

Blast Radius

Reads arbitrary node-local files by abusing shell expansion to escape the approved command set, exposing configuration files, secrets, and stored credentials.
Reads and potentially exfiltrates sensitive data with high confidentiality impact on the vulnerable component, including API keys or authentication material embedded in config files.
Modifies or overwrites node-local data with high integrity impact on the vulnerable component, as shell expansion can redirect writes beyond intended paths.
Causes limited availability degradation on the vulnerable node, consistent with the low availability impact rating in the CVSS vector.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication, matching any image in customer registries or pipelines that bundles a pre-2026.5.18 OpenClaw build. For environments where compliance policy permits auto-remediation, HarborGuard rebuilds the image at version 2026.5.18, executes a regression run, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. For environments that require manual review before remediation, the CVE appears in the priority queue with CVSS scoring and policy weighting already applied, ready for engineer action. As a compensating control while the patch is staged, network policy rules that restrict which identities can reach the OpenClaw system.run endpoint will reduce exposure by limiting who can submit commands against the allowlist.

See how HarborGuard automates this

Fix available

2026.5.18

Affected packages

OpenClaw / OpenClaw
< 2026.5.18 (from 0)
Fixed in 2026.5.18

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

References

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available