CVE-2026-53829
8.0 HIGHOpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes fro...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 8.0 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-451
Description
OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-45650 — User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over ... (4.3 MEDIUM)
- CVE-2026-11300 — Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via ... (4.3 MEDIUM)
- CVE-2026-11294 — Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a ... (4.3 MEDIUM)
- CVE-2026-11286 — Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromise... (4.3 MEDIUM)
- CVE-2026-11285 — Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spo... (4.3 MEDIUM)