CVE-2026-53847EPSS p7.3%

CVE-2026-53847CVE-2026-53847

Description

OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.

Scoring

CVSS 5.4 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS0.18% probability of exploitation · percentile 7.3% · 2026-06-19T12:03:05Z
Last modified2026-06-16
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.