Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-53816 (GCVE-0-2026-53816)
Vulnerability from cvelistv5 – Published: 2026-06-11 20:09 – Updated: 2026-06-23 16:16 X_Open Source- CWE-862 - Missing Authorization
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | vendor-advisory |
| https://www.vulncheck.com/advisories/openclaw-exe… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T03:55:40.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"repo": "https://github.com/openclaw/openclaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.5.18",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.5.18",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.5.18",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cantinagen"
},
{
"lang": "en",
"type": "finder",
"value": "Ellahi (@Ellahinator)"
}
],
"datePublic": "2026-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering target sessions into exec-event paths that expose capabilities the reduced node surface should not provide."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:16:54.566Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-3c6j-hq33-3jv4)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-exec-lifecycle-event-forgery-via-paired-node"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-53816",
"datePublished": "2026-06-11T20:09:15.669Z",
"dateReserved": "2026-06-10T21:16:07.492Z",
"dateUpdated": "2026-06-23T16:16:54.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-53816",
"date": "2026-07-04",
"epss": "0.00342",
"percentile": "0.2625"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-53816\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-06-11T21:16:23.830\",\"lastModified\":\"2026-06-17T10:58:03.253\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering target sessions into exec-event paths that expose capabilities the reduced node surface should not provide.\"}],\"affected\":[{\"source\":\"disclosure@vulncheck.com\",\"affectedData\":[{\"vendor\":\"OpenClaw\",\"product\":\"OpenClaw\",\"defaultStatus\":\"unaffected\",\"repo\":\"https://github.com/openclaw/openclaw\",\"packageURL\":\"pkg:npm/openclaw\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"2026.5.18\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"2026.5.18\",\"versionType\":\"semver\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-12T00:00:00+00:00\",\"id\":\"CVE-2026-53816\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2026.5.18\",\"matchCriteriaId\":\"32D0487B-7776-415C-9EAA-0F4FF4E6AF97\"}]}]}],\"references\":[{\"url\":\"https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.vulncheck.com/advisories/openclaw-exec-lifecycle-event-forgery-via-paired-node\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-53816\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-12T15:51:38.424351Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-12T16:00:25.323Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"OpenClaw \u003c 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"cantinagen\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ellahi (@Ellahinator)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.6, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/openclaw/openclaw\", \"vendor\": \"OpenClaw\", \"product\": \"OpenClaw\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2026.5.18\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"2026.5.18\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:npm/openclaw\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-05-28T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4\", \"name\": \"GitHub Security Advisory (GHSA-3c6j-hq33-3jv4)\", \"tags\": [\"vendor-advisory\", \"patch\"]}, {\"url\": \"https://www.vulncheck.com/advisories/openclaw-exec-lifecycle-event-forgery-via-paired-node\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering target sessions into exec-event paths that expose capabilities the reduced node surface should not provide.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"Missing Authorization\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2026.5.18\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-06-11T20:09:15.669Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-53816\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-13T03:55:40.830Z\", \"dateReserved\": \"2026-06-10T21:16:07.492Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-06-11T20:09:15.669Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-53816
Vulnerability from fkie_nvd - Published: 2026-06-11 21:16 - Updated: 2026-06-17 10:58| URL | Tags | ||
|---|---|---|---|
| disclosure@vulncheck.com | https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4 | Mitigation, Vendor Advisory | |
| disclosure@vulncheck.com | https://www.vulncheck.com/advisories/openclaw-exec-lifecycle-event-forgery-via-paired-node | Third Party Advisory |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"repo": "https://github.com/openclaw/openclaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.5.18",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.5.18",
"versionType": "semver"
}
]
}
],
"source": "disclosure@vulncheck.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "32D0487B-7776-415C-9EAA-0F4FF4E6AF97",
"versionEndExcluding": "2026.5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering target sessions into exec-event paths that expose capabilities the reduced node surface should not provide."
}
],
"id": "CVE-2026-53816",
"lastModified": "2026-06-17T10:58:03.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-53816",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-11T21:16:23.830",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-exec-lifecycle-event-forgery-via-paired-node"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
GHSA-3C6J-HQ33-3JV4
Vulnerability from github – Published: 2026-07-02 17:12 – Updated: 2026-07-02 17:12Summary
OpenClaw nodes send lifecycle events back to the gateway. In affected releases, a paired node could send an exec lifecycle event that was accepted without enough provenance tying it to an authorized system.run request.
This issue affects the node event boundary. It does not allow an unauthenticated caller to reach the gateway; the attacker must already control a paired node connection.
Affected configurations
This affects deployments with a paired node where that node can send crafted node.event messages to the gateway and the target agent/session can process exec lifecycle events.
Impact
A malicious or compromised paired node could make the gateway treat attacker-supplied event data as an exec lifecycle result. In the vulnerable flow, that could steer the target session into an exec-event path that exposed capabilities the reduced node surface should not have provided.
The issue is a missing provenance check for node-originated lifecycle events.
Patched Versions
The first stable patched version is 2026.5.18.
Mitigations
Upgrade to openclaw@2026.5.18 or later. Pair nodes only from trusted environments, and remove/re-pair nodes that may have been compromised.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.5.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53816"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-862",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T17:12:03Z",
"nvd_published_at": "2026-06-11T21:16:23Z",
"severity": "HIGH"
},
"details": "### Summary\n\nOpenClaw nodes send lifecycle events back to the gateway. In affected releases, a paired node could send an exec lifecycle event that was accepted without enough provenance tying it to an authorized `system.run` request.\n\nThis issue affects the node event boundary. It does not allow an unauthenticated caller to reach the gateway; the attacker must already control a paired node connection.\n\n### Affected configurations\n\nThis affects deployments with a paired node where that node can send crafted `node.event` messages to the gateway and the target agent/session can process exec lifecycle events.\n\n### Impact\n\nA malicious or compromised paired node could make the gateway treat attacker-supplied event data as an exec lifecycle result. In the vulnerable flow, that could steer the target session into an exec-event path that exposed capabilities the reduced node surface should not have provided.\n\nThe issue is a missing provenance check for node-originated lifecycle events.\n\n### Patched Versions\n\nThe first stable patched version is `2026.5.18`.\n\n### Mitigations\n\nUpgrade to `openclaw@2026.5.18` or later. Pair nodes only from trusted environments, and remove/re-pair nodes that may have been compromised.",
"id": "GHSA-3c6j-hq33-3jv4",
"modified": "2026-07-02T17:12:03Z",
"published": "2026-07-02T17:12:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53816"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-exec-lifecycle-event-forgery-via-paired-node"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance"
}
WID-SEC-W-2026-1738
Vulnerability from csaf_certbund - Published: 2026-05-28 22:00 - Updated: 2026-06-16 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenClaw ist ein pers\u00f6nlicher KI-Assistent zur Ausf\u00fchrung auf eigenen Ger\u00e4ten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um Sicherheitsmechanismen zu umgehen, erh\u00f6hte Berechtigungen zu erlangen, Informationen offenzulegen, Konfigurationen zu manipulieren, beliebige Befehle oder Code auszuf\u00fchren sowie interne Systeme \u00fcber SSRF anzugreifen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1738 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1738.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1738 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1738"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-24vr-rprv-67rf vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-24vr-rprv-67rf"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2hfg-4fh4-qp7f vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hfg-4fh4-qp7f"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2j8v-hwgc-x698 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2j8v-hwgc-x698"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3c6j-hq33-3jv4 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3wqp-prf6-2m72 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3wqp-prf6-2m72"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4hpg-mp64-x7xq vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hpg-mp64-x7xq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4m3v-q747-pc6h vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4m3v-q747-pc6h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5cj2-3jr2-5h77 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5cj2-3jr2-5h77"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-68xw-r643-9p5w vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68xw-r643-9p5w"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6c4r-g249-wv3c vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6c4r-g249-wv3c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6fvr-66p3-3qj4 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6fvr-66p3-3qj4"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-72fw-cqh5-f324 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-72fw-cqh5-f324"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-77pv-3w4q-vrj5 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77pv-3w4q-vrj5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-77q5-rr5v-x43q vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77q5-rr5v-x43q"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-7hxm-f538-3xp6 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7hxm-f538-3xp6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-83w9-h5wv-j9xm vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-83w9-h5wv-j9xm"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8c59-hr4w-qg69 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8c59-hr4w-qg69"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8j37-5w68-wj2g vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8j37-5w68-wj2g"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8mg9-j9cf-54cj vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8mg9-j9cf-54cj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8wg3-5mcm-fjq8 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8wg3-5mcm-fjq8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-985f-72mj-8gf7 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-985f-72mj-8gf7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-9v8j-9c9g-w66c vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9v8j-9c9g-w66c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c226-q6fx-6j6c vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c226-q6fx-6j6c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c29c-2q9c-pc86 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c29c-2q9c-pc86"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-ccwh-wwpp-6wg5 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-ccwh-wwpp-6wg5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-chr9-m4q2-76hw vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cqwv-9qjx-vxw2 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cqwv-9qjx-vxw2"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cw4q-gqg5-g38h vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cw4q-gqg5-g38h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cwpp-5962-q4f6 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwpp-5962-q4f6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f397-5vjw-v2c2 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f397-5vjw-v2c2"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-fcvx-5cxc-v5p8 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-fq9j-vw4w-fr6v vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fq9j-vw4w-fr6v"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gp79-m99v-gjmh vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gp79-m99v-gjmh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-grc3-2j34-p6gm vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-grc3-2j34-p6gm"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gxg4-2rrr-jhc7 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gxg4-2rrr-jhc7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-hcm3-8f6r-6xwg vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hcm3-8f6r-6xwg"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-hw9r-h9mr-4jff vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hw9r-h9mr-4jff"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-jvm4-4j77-39p6 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jvm4-4j77-39p6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mgq6-vr84-7m2j vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mgq6-vr84-7m2j"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mhq8-78pj-5j79 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mhq8-78pj-5j79"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mpc8-jxjh-qpgh vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mpc8-jxjh-qpgh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p2fh-f5fc-44hr vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p2fh-f5fc-44hr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p39j-x9h5-q66m vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p39j-x9h5-q66m"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p73f-w79w-jqr5 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p73f-w79w-jqr5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-q7q8-3mgw-q67r vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q7q8-3mgw-q67r"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-q99w-vh6v-q3v7 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q99w-vh6v-q3v7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qh2f-99mv-mrcf vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qh2f-99mv-mrcf"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qjpc-qf9m-xwmr vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qjpc-qf9m-xwmr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rggc-m335-3wvj vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rggc-m335-3wvj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rj6p-xmxr-qj4h vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rj6p-xmxr-qj4h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rjxq-qqhf-8hwh vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rjxq-qqhf-8hwh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rwp6-7w3q-75fq vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rwp6-7w3q-75fq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rx78-29qr-5hq8 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rx78-29qr-5hq8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v2ww-5rh7-2h5v vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v2ww-5rh7-2h5v"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v6r2-jh58-xx6w vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6r2-jh58-xx6w"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v8cx-933x-r976 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8cx-933x-r976"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-vxx3-6hc9-7cc3 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vxx3-6hc9-7cc3"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w4v6-g3wm-w36c vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w4v6-g3wm-w36c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w5ww-7chg-mxcq vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w5ww-7chg-mxcq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w9hf-3pp7-pvxv vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9hf-3pp7-pvxv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-wc84-j36w-pw4x vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wc84-j36w-pw4x"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-wv26-j37q-2g7p vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wv26-j37q-2g7p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-x629-46cc-7xgw vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xww8-gqvh-92x9 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xww8-gqvh-92x9"
}
],
"source_lang": "en-US",
"title": "OpenClaw: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T08:39:59.506+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1738",
"initial_release_date": "2026-05-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: CVE-2026-35673, GHSA-7339-549C-W53J, CVE-2026-32906, EUVD-2026-33333, CVE-2026-34507, EUVD-2026-33334, CVE-2026-35630, EUVD-2026-33335, CVE-2026-35674, GHSA-9WCX-Q3FH-QG43, EUVD-2026-33337, EUVD-2026-33336"
},
{
"date": "2026-06-11T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: CVE-2026-53818, EUVD-2026-36324, CVE-2026-53814, EUVD-2026-36320, CVE-2026-53815, EUVD-2026-36321, CVE-2026-53819, EUVD-2026-36325, CVE-2026-53817, EUVD-2026-36323, CVE-2026-53816, EUVD-2026-36322, CVE-2026-53810, EUVD-2026-36316, CVE-2026-53809, EUVD-2026-36315, CVE-2026-53808, EUVD-2026-36314, CVE-2026-53807, EUVD-2026-36313, CVE-2026-53806, EUVD-2026-36312, CVE-2026-53811, EUVD-2026-36317, CVE-2026-53812, EUVD-2026-36318, CVE-2026-53813, EUVD-2026-36319"
},
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: CVE-2026-53837, EUVD-2026-36625, CVE-2026-53834, EUVD-2026-36622, CVE-2026-53833, EUVD-2026-36621, CVE-2026-53832, EUVD-2026-36620, CVE-2026-53831, EUVD-2026-36619, CVE-2026-53823, EUVD-2026-36611, CVE-2026-53838, EUVD-2026-36626, CVE-2026-53822, EUVD-2026-36610, CVE-2026-53839, EUVD-2026-36627, CVE-2026-53821, EUVD-2026-36609, CVE-2026-53829, GHSA-92QJ-8G54-QMPH, CVE-2026-53825, EUVD-2026-36613, EUVD-2026-36617, CVE-2026-53828, EUVD-2026-36616, CVE-2026-53826, EUVD-2026-36614, CVE-2026-53827, EUVD-2026-36615, CVE-2026-53824, EUVD-2026-36612, CVE-2026-53820, EUVD-2026-36608, CVE-2026-53835, EUVD-2026-36623"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: CVE-2026-53858, EUVD-2026-37160, CVE-2026-53859, EUVD-2026-37161, CVE-2026-53860, EUVD-2026-37162, CVE-2026-53842, EUVD-2026-37144, CVE-2026-53852, EUVD-2026-37154, CVE-2026-53866, EUVD-2026-37168, CVE-2026-53847, EUVD-2026-37149, CVE-2026-53854, EUVD-2026-37156, CVE-2026-53850, EUVD-2026-37152, CVE-2026-53863, EUVD-2026-37165, GHSA-58WC-8WRV-XP9J, GHSA-4QGR-57JQ-93VH, CVE-2026-53861, EUVD-2026-37163, CVE-2026-53843, EUVD-2026-37145, CVE-2026-53848, EUVD-2026-37150, CVE-2026-53841, EUVD-2026-37143, CVE-2026-53853, EUVD-2026-37155, CVE-2026-53840, EUVD-2026-37142, CVE-2026-53865, EUVD-2026-37167, CVE-2026-53849, EUVD-2026-37151, CVE-2026-53862, EUVD-2026-37164, CVE-2026-53855, EUVD-2026-37157, CVE-2026-53846, EUVD-2026-37148, CVE-2026-53857, EUVD-2026-37159, CVE-2026-53856, EUVD-2026-37158, CVE-2026-53864, EUVD-2026-37166, CVE-2026-53851, EUVD-2026-37153, CVE-2026-53844, EUVD-2026-37146, CVE-2026-53845, EUVD-2026-37147"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source OpenClaw",
"product": {
"name": "Open Source OpenClaw",
"product_id": "T051276",
"product_identification_helper": {
"cpe": "cpe:/a:openclaw:openclaw:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32906",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-32906"
},
{
"cve": "CVE-2026-34507",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-34507"
},
{
"cve": "CVE-2026-35630",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-35630"
},
{
"cve": "CVE-2026-35673",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-35673"
},
{
"cve": "CVE-2026-35674",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-35674"
},
{
"cve": "CVE-2026-53806",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53806"
},
{
"cve": "CVE-2026-53807",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53807"
},
{
"cve": "CVE-2026-53808",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53808"
},
{
"cve": "CVE-2026-53809",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53809"
},
{
"cve": "CVE-2026-53810",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53810"
},
{
"cve": "CVE-2026-53811",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53811"
},
{
"cve": "CVE-2026-53812",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53812"
},
{
"cve": "CVE-2026-53813",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53813"
},
{
"cve": "CVE-2026-53814",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53814"
},
{
"cve": "CVE-2026-53815",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53815"
},
{
"cve": "CVE-2026-53816",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53816"
},
{
"cve": "CVE-2026-53817",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53817"
},
{
"cve": "CVE-2026-53818",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53818"
},
{
"cve": "CVE-2026-53819",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53819"
},
{
"cve": "CVE-2026-53820",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53820"
},
{
"cve": "CVE-2026-53821",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53821"
},
{
"cve": "CVE-2026-53822",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53822"
},
{
"cve": "CVE-2026-53823",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53823"
},
{
"cve": "CVE-2026-53824",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53824"
},
{
"cve": "CVE-2026-53825",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53825"
},
{
"cve": "CVE-2026-53826",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53826"
},
{
"cve": "CVE-2026-53827",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53827"
},
{
"cve": "CVE-2026-53828",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53828"
},
{
"cve": "CVE-2026-53829",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53829"
},
{
"cve": "CVE-2026-53831",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53831"
},
{
"cve": "CVE-2026-53832",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53832"
},
{
"cve": "CVE-2026-53833",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53833"
},
{
"cve": "CVE-2026-53834",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53834"
},
{
"cve": "CVE-2026-53835",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53835"
},
{
"cve": "CVE-2026-53837",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53837"
},
{
"cve": "CVE-2026-53838",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53838"
},
{
"cve": "CVE-2026-53839",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53839"
},
{
"cve": "CVE-2026-53840",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53840"
},
{
"cve": "CVE-2026-53841",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53841"
},
{
"cve": "CVE-2026-53842",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53842"
},
{
"cve": "CVE-2026-53843",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53843"
},
{
"cve": "CVE-2026-53844",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53844"
},
{
"cve": "CVE-2026-53845",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53845"
},
{
"cve": "CVE-2026-53846",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53846"
},
{
"cve": "CVE-2026-53847",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53847"
},
{
"cve": "CVE-2026-53848",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53848"
},
{
"cve": "CVE-2026-53849",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53849"
},
{
"cve": "CVE-2026-53850",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53850"
},
{
"cve": "CVE-2026-53851",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53851"
},
{
"cve": "CVE-2026-53852",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53852"
},
{
"cve": "CVE-2026-53853",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53853"
},
{
"cve": "CVE-2026-53854",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53854"
},
{
"cve": "CVE-2026-53855",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53855"
},
{
"cve": "CVE-2026-53856",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53856"
},
{
"cve": "CVE-2026-53857",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53857"
},
{
"cve": "CVE-2026-53858",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53858"
},
{
"cve": "CVE-2026-53859",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53859"
},
{
"cve": "CVE-2026-53860",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53860"
},
{
"cve": "CVE-2026-53861",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53861"
},
{
"cve": "CVE-2026-53862",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53862"
},
{
"cve": "CVE-2026-53863",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53863"
},
{
"cve": "CVE-2026-53864",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53864"
},
{
"cve": "CVE-2026-53865",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53865"
},
{
"cve": "CVE-2026-53866",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53866"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.