CVE-2026-53847

MEDIUM NVD

CVSS Score 5.4

Severity MEDIUM

Published Jun 16, 2026

Vendor unknown

Description

OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw
https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope