CVE-2026-53863

HIGH NVD

CVSS Score 7.1

Severity HIGH

Published Jun 16, 2026

Vendor unknown

Description

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-985f-72mj-8gf7
https://www.vulncheck.com/advisories/openclaw-unvalidated-group-id-acceptance-in-tool-group-policy