CVE-2026-53819
8.8 HIGHOpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can overri...
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-426
Description
OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48565 — Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally (7.8 HIGH)
- CVE-2026-47648 — Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally (7.0 HIGH)
- CVE-2026-24064 — Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability (7.8 HIGH)
- CVE-2026-11401 — An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remot... (8.0 HIGH)
- CVE-2026-11400 — An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a rem... (8.0 HIGH)