Cyber Resilience

CVE-2026-53836

HighPublic PoC

Published: 12 June 2026

Published
12 June 2026
Modified
17 June 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0045 36.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-53836 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique PowerShell (T1059.001); ranked at the 36.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks by using unrecognized…

more

encoded-command alias forms to execute arbitrary PowerShell content.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.001 PowerShell Execution
Adversaries may abuse PowerShell commands and scripts for execution.
Why these techniques?

Allowlist bypass directly enables arbitrary PowerShell execution via encoded-command flag aliases.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

openclaw
openclaw
≤ 2026.5.12

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-184

Spam filters rely on evolving blacklists, signatures, and heuristics of disallowed message patterns; keeping them updated per the control directly mitigates incomplete disallowed-input lists.

References