OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope | Advisories

Advisories

OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope

severity: medium
date: 6/16/2026
Affecting: OpenClaw < 2026.5.6
CVE: CVE-2026-53847
CWE: CWE-266 Incorrect Privilege Assignment
CVSS: 5.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
References: GitHub Security Advisory (GHSA-x629-46cc-7xgw)
Credit: zsx (@zsxsoft), KeenSecurityLab, qclawer
Description: OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo