Severity: HIGH | CVE-2026-53853 | CNA: VulnCheck

CVE-2026-53853: OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.

Metrics

CVSS v4.0: 7.6
Severity: HIGH
Fixed in: 2026.5.12
Affected Products: 1


HarborGuard Analysis

Synopsis

An argument pattern validation bypass in OpenClaw's exec allowlist allows a network-reachable, low-privileged attacker to invoke allowlisted executables with arbitrary arguments on Linux and macOS systems. By crafting requests that skip the configured argPattern restrictions, the attacker can pass arguments the allowlist was designed to block. Successful exploitation enables unauthorized file access, network access, or arbitrary command execution within the process context. A patched-image rebuild at version 2026.5.12 is available on HarborGuard for environments running an affected version.
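To make the control concrete, the following is an added illustration of the allowlist class the synopsis describes: each allowlisted executable carries an argPattern, and the check has to run on every invocation path, for every argument, before anything is spawned. This is not OpenClaw's code and does not reproduce the reported bypass; the config shape (executable path mapped to a rule), the paths and the regexes are constructed assumptions.

```python
"""Exec allowlist with a per-executable argPattern.

Added illustration, not OpenClaw's code and not a reproduction of the reported
bypass. The config shape (executable path -> rule), the paths and the regexes
are constructed assumptions.
"""
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AllowRule:
    # Regex every argument must satisfy in full; None means "no arguments allowed".
    arg_pattern: Optional[str]


# Constructed allowlist: only these executables, only these argument shapes.
ALLOWLIST: Dict[str, AllowRule] = {
    "/usr/bin/cat": AllowRule(r"/srv/app/logs/[A-Za-z0-9_.-]+\.log"),
    "/usr/bin/date": AllowRule(None),
}


def arg_allowed(pattern: Optional[str], arg: str) -> bool:
    """Strict check: the whole argument must match the pattern."""
    if pattern is None:
        return False  # executable takes no arguments at all
    # fullmatch anchors both ends. The character class excludes '/', so a
    # traversal such as /srv/app/logs/../../etc/passwd cannot match either.
    return re.fullmatch(pattern, arg) is not None


def weak_arg_allowed(pattern: Optional[str], arg: str) -> bool:
    """The check a hardened implementation must NOT use: re.search accepts any
    argument that merely contains an allowed shape (e.g. app.log.bak)."""
    if pattern is None:
        return False
    return re.search(pattern, arg) is not None


def check_exec(command: str,
               allowlist: Dict[str, AllowRule] = ALLOWLIST) -> Tuple[bool, str]:
    """Validate a command line against the allowlist.

    Returns (allowed, reason). The argument check is applied unconditionally,
    on every call path and to every argument, before anything is spawned.
    """
    argv: List[str] = shlex.split(command)
    if not argv:
        return False, "empty command"
    exe, args = argv[0], argv[1:]
    # Lookup is by the exact argv[0] string; a deployment that accepts bare
    # names must canonicalise them to the allowlisted path before this lookup.
    rule = allowlist.get(exe)
    if rule is None:
        return False, f"executable not allowlisted: {exe}"
    for arg in args:
        if not arg_allowed(rule.arg_pattern, arg):
            return False, f"argument rejected by argPattern: {arg!r}"
    return True, "ok"


def build_argv(command: str) -> List[str]:
    """Return the validated argv list to hand to a no-shell spawn
    (e.g. subprocess.run(argv, shell=False)); raises if the check fails."""
    allowed, reason = check_exec(command)
    if not allowed:
        raise PermissionError(reason)
    return shlex.split(command)


if __name__ == "__main__":
    for cmd in ("/usr/bin/cat /srv/app/logs/app.log",
                "/usr/bin/cat /etc/passwd",
                "/usr/bin/cat /srv/app/logs/../../../etc/passwd",
                "/usr/bin/date",
                "/usr/bin/date +%s",
                "/usr/bin/curl http://example.invalid/"):
        print(f"{cmd!r}: {check_exec(cmd)}")
```

Two details matter in practice. The pattern is applied with re.fullmatch so that an argument which merely contains an allowed shape is rejected (weak_arg_allowed shows what re.search would accept instead), and the lookup key is the exact argv[0] string, so a deployment that accepts bare command names must canonicalise them before the lookup. Spawn with the validated argv list rather than a shell string, so the pattern governs exactly what the child process receives.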

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-53853 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle OpenClaw. Any image layer containing an OpenClaw version below 2026.5.12 is flagged automatically.
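The detection described above reduces to one comparison: is the OpenClaw version found in an image below 2026.5.12? The following added illustration performs that range check for the advisory's "< 2026.5.12 (from 0)" range; it is not HarborGuard's scanner, and it assumes OpenClaw versions are dotted, purely numeric calendar versions (year.month.patch), which is what the advisory's version strings look like.

```python
"""Affected-range check for "< 2026.5.12 (from 0)".

Added illustration, not HarborGuard's scanner. Assumes OpenClaw versions are
dotted, purely numeric calendar versions such as 2026.5.12 (year.month.patch).
"""
import re
from typing import Dict, Tuple

FIXED_VERSION = "2026.5.12"  # from the advisory
_VERSION_RE = re.compile(r"^\d+(?:\.\d+)*$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted numeric version into an integer tuple so components
    compare numerically: (2026, 5, 9) < (2026, 5, 12)."""
    version = version.strip()
    if version.startswith("v"):
        version = version[1:]
    if not _VERSION_RE.match(version):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, fixed_in: str = FIXED_VERSION) -> bool:
    """True when version lies in the affected range [0, fixed_in)."""
    return parse_version(version) < parse_version(fixed_in)


def lexical_is_affected(version: str, fixed_in: str = FIXED_VERSION) -> bool:
    """Plain string comparison, kept only to show where it goes wrong:
    '2026.5.9' < '2026.5.12' is False because '9' > '1' character-wise."""
    return version < fixed_in


def scan_inventory(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map image name -> affected flag for an {image: openclaw_version} inventory."""
    return {image: is_affected(version) for image, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; the image names and versions are made up.
    sample = {"api:prod": "2026.5.9", "worker:prod": "2026.4.30",
              "api:staging": "2026.5.12", "api:next": "2026.6.1"}
    for image, affected in scan_inventory(sample).items():
        print(f"{image:12} {sample[image]:10} affected={affected}")
```

The point of lexical_is_affected is the failure mode a scanner must avoid: compared as strings, 2026.5.9 sorts after 2026.5.12 and would be reported as fixed. Any scanner matching this advisory has to compare version components numerically, and should reject strings it cannot parse rather than silently treating them as unaffected.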

Triage (Available)

HarborGuard scores this CVE at 7.6 HIGH using the published CVSS v4.0 vector and weights it against each environment's compliance policy to determine routing priority. Triage results are delivered to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch (Available)

A patched-image rebuild at OpenClaw 2026.5.12 is available on HarborGuard for any image found to contain an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.


Exploit Conditions

  • Network reachability: Required

    The CVSS vector specifies AV:N, meaning the attacker must reach the OpenClaw service over the network to deliver the malicious argument payload.

  • Authentication: Required

    The CVSS vector specifies PR:L, meaning the attacker must hold at least a low-privilege account before exploiting the bypass.

  • Victim interaction: Not required

    The CVSS vector specifies UI:N, so no user action or social engineering is needed to trigger the vulnerability.

  • Attack complexity: Low (AC:L), with attack requirements present (AT:P)

    The CVSS vector specifies AC:L with AT:P, meaning no security measures need to be evaded to reach the flaw (low complexity), though successful exploitation may depend on specific target conditions being present in the environment.

Blast Radius

  • Reads arbitrary files accessible to the process, including credentials, configuration secrets, and application data.
  • Initiates outbound network connections using allowlisted executables as a proxy, enabling data exfiltration or lateral movement.
  • Executes operating system commands beyond the scope of the configured allowlist, extending attacker control over the host process.
  • Partially degrades service availability (low VA), which may manifest as unexpected process termination or resource exhaustion during exploitation.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-53853 activates the moment the CVE enters upstream feeds, matching against all registered images including internally built ones. For environments where an affected OpenClaw version is present, a rebuilt image at 2026.5.12 is ready for deployment. Customers with auto-remediation enabled receive a full remediation workflow: rebuilt image, regression test run, and a pull request opened against affected workloads. For HIGH-severity issues, the median time from CVE publication to a merged patch PR in auto-remediation-enabled environments is around 90 minutes. For environments where auto-remediation is not enabled, the triage alert is routed to the configured owner inbox with CVSS scoring and compliance policy context attached, so the team can act on a manual upgrade to 2026.5.12.


Fix available: 2026.5.12

Affected packages
  • OpenClaw / OpenClaw: < 2026.5.12 (from 0); fixed in 2026.5.12

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N