CVE-2026-53829

Summary

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.5.18affected
OpenClawOpenClaw2026.5.18unaffected

Weaknesses

  • CWE-451: User Interface (UI) Misrepresentation of Critical Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References