
Vulnerability Details: CVE-2026-53866

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabling shell content execution without intended approval prompts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 19.0%
CVSS Severity
CVSS v3 Score 8.1

