ByteOS Network

NVD Vulnerability Details :

CVE-2026-53809

Analyzed

Source-disclosure@vulncheck.com

Published At-11 Jun, 2026 | 21:16

Updated At-12 Jun, 2026 | 19:32

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider policy restrictions when the affected feature is enabled.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	3.8	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Type: Secondary

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 3.8

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CPE Matches

OpenClaw

>>openclaw>>Versions before 2026.4.25(exclusive)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Weaknesses

CWE ID	Type	Source
CWE-863	Primary	disclosure@vulncheck.com

CWE ID: CWE-863

Type: Primary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://github.com/openclaw/openclaw/security/advisories/GHSA-p39j-x9h5-q66m	disclosure@vulncheck.com	Mitigation Vendor Advisory
https://www.vulncheck.com/advisories/openclaw-provider-alias-confusion-in-embedded-runner-policy	disclosure@vulncheck.com	Third Party Advisory

Hyperlink: https://github.com/openclaw/openclaw/security/advisories/GHSA-p39j-x9h5-q66m

Source: disclosure@vulncheck.com

Resource:

Mitigation

Vendor Advisory

Hyperlink: https://www.vulncheck.com/advisories/openclaw-provider-alias-confusion-in-embedded-runner-policy

Source: disclosure@vulncheck.com

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History