OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.

AI Analysis

Command Truncation in Exec Approval Display vulnerability allowing authenticated users to execute unauthorized operations after approval.

Basic Information

ID CVE-2026-53829

Source VulnCheck

Published Jun 12, 2026 at 21:56

Affected Product

Vendor OpenClaw

Product OpenClaw

Affected Versions OpenClaw OpenClaw 0

CWE Classification

CWE-451

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor OpenClaw

Product OpenClaw

Version < 2026.5.18

References

{
    "lastseen": "",
    "description": "OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.",
    "published": "2026-06-12T21:56:55.064Z",
    "modified": "2026-06-12T21:56:55.064Z",
    "type": "cve",
    "title": "OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display",
    "source": "VulnCheck",
    "references": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xww8-gqvh-92x9\nhttps://www.vulncheck.com/advisories/openclaw-command-truncation-in-exec-approval-display",
    "id": "CVE-2026-53829",
    "bulletinFamily": "",
    "cwe": [
        "CWE-451"
    ],
    "cvelist": null,
    "sourceData": "OpenClaw OpenClaw 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenClaw",
    "version": "0",
    "vendor": "OpenClaw",
    "ai_description": "Command Truncation in Exec Approval Display vulnerability allowing authenticated users to execute unauthorized operations after approval.",
    "ai_severity": "High",
    "ai_vendor": "OpenClaw",
    "ai_product": "OpenClaw",
    "ai_version": "< 2026.5.18",
    "ai_score": 8.5
}

OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display_CVE-2026-53829