CVE-2026-53850

Sažetak

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.

Reference

https://github.com/openclaw/openclaw/security/advisories/GHSA-mpc8-jxjh-qpgh
https://www.vulncheck.com/advisories/openclaw-control-scope-enforcement-bypass-in-focus-command

CVSS

Base:	5.5
Impact:	3.6
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

16-06-2026 - 20:42

Objavljeno

16-06-2026 - 19:17