| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|

No public POC found.

| CVE ID | CVSS / Severity | Title |
|---|---|---|
| CVE-2026-53843 | 8.8 HIGH | OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session |
| CVE-2026-53853 | 8.3 HIGH | OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS |
| CVE-2026-53857 | 8.1 HIGH | OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy |
| CVE-2026-53864 | 8.1 HIGH | OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control V |
| CVE-2026-53855 | 8.1 HIGH | OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks |
| CVE-2026-53849 | 8.1 HIGH | OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom |
| CVE-2026-53866 | 8.1 HIGH | OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing |
| CVE-2026-53840 | 7.1 HIGH | OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirect |
| CVE-2026-53865 | 7.1 HIGH | OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH |
| CVE-2026-53846 | 7.1 HIGH | OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath |
| CVE-2026-53842 | 7.1 HIGH | OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment V |
| CVE-2026-53863 | 7.1 HIGH | OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy |
| CVE-2026-53861 | 6.6 MEDIUM | OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS |
| CVE-2026-53854 | 6.5 MEDIUM | OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Int |
| CVE-2026-53859 | 6.5 MEDIUM | OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency |
| CVE-2026-53844 | 6.5 MEDIUM | OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search |
| CVE-2026-53841 | 6.1 MEDIUM | OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session |
| CVE-2026-53856 | 5.5 MEDIUM | OpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw |
| CVE-2026-53850 | 5.5 MEDIUM | OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command |
| CVE-2026-53852 | 5.4 MEDIUM | OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing |
Showing top 20 of 27 CVEs.