CVE-2026-53864 – OpenClaw < 2026.5.26 – Insufficient Environment Variable Sanitization in Node.js Control Variables

admin
June 16, 2026
Wire

CVE ID :CVE-2026-53864

Published : June 16, 2026, 6:05 p.m. | 30 minutes ago

Description :OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious Node.js control variables to influence child processes or coverage output paths.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More

Related Posts

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

CVE-2026-55196 – Hermes WebUI < 0.51.409 – Unauthenticated Passkey Registration via Authentication Bypass

CVE-2026-53871 – Hermes WebUI < 0.51.368 – Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie