CVE-2026-53847

MEDIUM EPSS 7.4%

Published Jun 16, 20261w ago · Modified Jun 17, 20261w ago

5.3 CVSS 4.0

Medium

Published Jun 16, 2026 1w ago

Last Modified Jun 17, 2026 1w ago

Description

OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.

CVSS Details

Base Score

5.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

7.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-266

Affected Products 2

Vendor	Product	Version	Range
openclaw	openclaw	*	<2026.5.6
openclaw	openclaw	2026.5.6	any

References 2

github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw

Vendor Advisory
vulncheck.com https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.