Loading market data...
← Back to CVE feed

CVE-2026-53819

HIGH CVSS 8.8 View on NVD ↗

Description

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: Jun 11, 2026 21:16 UTC Modified: Jun 12, 2026 15:58 UTC