What is CVE-2026-53864?

CVE-2026-53864 is a high-severity vulnerability in Openclaw, classified under Incomplete List of Disallowed Inputs. CVSS score: 8.1/10. Published 2026-06-16.

How severe is CVE-2026-53864?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Openclaw

CVE-2026-53864

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment ove…

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Openclaw — versions 0, 2026.5.26

Weakness classification (CWE)

CWE-184 — Incomplete List of Disallowed Inputs

References

disclosure@vulncheck.com (vendor-advisory, Mitigation, Vendor Advisory)
disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-53864?: CVE-2026-53864 is a high-severity vulnerability in Openclaw, classified under Incomplete List of Disallowed Inputs. CVSS score: 8.1/10. Published 2026-06-16.
How severe is CVE-2026-53864?: High severity. CVSS v3 base score is 8.1 out of 10.