CVE-2026-53818

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.6 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L                                    

Vulnerability Description

OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools when the feature is enabled and reachable.

Vulnerability Details

Published Date

June 11, 2026

Last Modified

June 12, 2026

CWE ID

CWE-862

Source

NVD

Vendor

OpenClaw

Product

OpenClaw

External References

https://github.com/openclaw/openclaw/security/advisories/GHSA-rj6p-xmxr-qj4h
https://www.vulncheck.com/advisories/openclaw-owner-only-tool-policy-bypass-via-mcp-loopback

CVE-2026-53818

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment