Cyber Resilience

CVE-2026-53819

Severity: High · Public PoC

Published: 11 June 2026
Modified: 17 June 2026
KEV: not listed
CVSS v4 base score: 8.7 (High)
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0030 (21.5th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-53819 is a high-severity Untrusted Search Path (CWE-426) vulnerability in OpenClaw (vendor openclaw, product openclaw). Its CVSS v4 base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by PATH Environment Variable (T1574.007). EPSS ranks it at the 21.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Note that the CVSS vector (AV:N, PR:N, UI:P) models a remote, unprivileged attacker needing only passive user interaction, whereas the vulnerability details below require access to a trusted operator workspace. Read the score with that precondition in mind when prioritising.

Vulnerability details

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

CWE(s)

CWE-426 Untrusted Search Path

Related Threats

MITRE ATT&CK Enterprise Techniques

T1574.007 Path Interception by PATH Environment Variable (Stealth)
Adversaries may execute their own malicious payloads by hijacking environment variables used to locate executables and libraries. For this sub-technique the variable is PATH: the OS walks its directories in order and runs the first matching binary, so an attacker who can place a directory ahead of the legitimate one, or change the lookup altogether, controls what gets executed.

Why these techniques?

CWE-426 via a workspace .env override of the Homebrew executable selection directly enables PATH-based executable interception during skill install flows: the install step resolves `brew` through environment state that an attacker with workspace access can write, and a planted Homebrew-compatible executable runs in the operator's context.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
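The weak and hardened resolution patterns side by side, as an added illustration of the CWE-426 / T1574.007 mapping above. This is not OpenClaw's code and does not reproduce the exact override mechanism, which the advisory does not spell out; it assumes the override reaches executable selection through a PATH entry supplied by a workspace .env, models the filesystem with an injected `exists` predicate so it runs offline, and uses hypothetical function names (`resolveBrewWeak`, `resolveBrewHardened`, `auditDotenv`). The `HOMEBREW_*` prefix check in the audit is an assumption about which keys matter, not something the advisory states.

```typescript
import * as path from "node:path";

// Constructed sample: a workspace .env an attacker with workspace write access
// could plant. It prepends a workspace-controlled directory to PATH.
export const SAMPLE_DOTENV = [
  "# project settings",
  "OPENCLAW_SKILL_NAME=demo",
  "PATH=/workspace/.bin:/usr/bin",
].join("\n");

// Minimal KEY=VALUE parser for .env text (comments and blank lines skipped).
export function parseDotenv(text: string): Record<string, string> {
  const out: Record<string, string> = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq <= 0) continue;
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, "");
    out[line.slice(0, eq).trim()] = value;
  }
  return out;
}

// Pre-install check: report .env keys that can steer executable lookup.
// PATH is the variable T1574.007 names; the HOMEBREW_ prefix is an assumption.
export function auditDotenv(vars: Record<string, string>): string[] {
  return Object.keys(vars).filter((k) => k === "PATH" || k.startsWith("HOMEBREW_"));
}

type Exists = (p: string) => boolean;

// Weak pattern (the CWE-426 shape): workspace .env is merged over the process
// environment, then `brew` is found by walking PATH. A workspace entry wins.
export function resolveBrewWeak(
  baseEnv: Record<string, string>,
  dotenv: Record<string, string>,
  exists: Exists,
): string | null {
  const env = { ...baseEnv, ...dotenv };
  for (const dir of (env.PATH ?? "").split(":").filter(Boolean)) {
    const candidate = path.posix.join(dir, "brew");
    if (exists(candidate)) return candidate;
  }
  return null;
}

// Hardened pattern: executable selection never consults workspace-supplied
// variables. Only fixed absolute locations are tried, in a fixed order.
export const TRUSTED_BREW_PATHS = [
  "/opt/homebrew/bin/brew",
  "/usr/local/bin/brew",
  "/home/linuxbrew/.linuxbrew/bin/brew",
];

export function resolveBrewHardened(exists: Exists): string | null {
  for (const p of TRUSTED_BREW_PATHS) if (exists(p)) return p;
  return null; // caller must fail closed, not fall back to PATH
}

// Constructed filesystem view: a planted brew in the workspace plus the real one.
export const SAMPLE_FS = new Set(["/workspace/.bin/brew", "/usr/local/bin/brew"]);

export function demo() {
  const exists: Exists = (p) => SAMPLE_FS.has(p);
  const dotenv = parseDotenv(SAMPLE_DOTENV);
  return {
    flagged: auditDotenv(dotenv),                                  // ["PATH"]
    weak: resolveBrewWeak({ PATH: "/usr/local/bin:/usr/bin" }, dotenv, exists), // planted binary
    hardened: resolveBrewHardened(exists),                         // real binary
  };
}

console.log(demo());
```

The point of the hardened form is that the untrusted input (workspace .env) is simply never an input to the executable-selection step; the audit function is the check to run before any install flow that still honours workspace environment files.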

Affected Assets

openclaw / openclaw: versions before 2026.5.27

The asset listing shows ≤ 2026.5.27, which contradicts the vulnerability details ("before 2026.5.27"); treat 2026.5.27 as the fixed release and confirm against the vendor advisory.

Mitigating Controls

No mitigating controls mapped yet; the per-CVE control annotator has not reached this CVE. The vulnerability details identify 2026.5.27 as the fixed release; until upgraded, treat workspace .env files as untrusted input to skill install flows and restrict write access to trusted operator workspaces.