VYPR
← All advisories
Medium severity4.3NVD Advisory· Published Jun 16, 2026· Updated Jun 16, 2026

CVE-2026-53845

CVE-2026-53845

Description

OpenClaw before 2026.5.6 allows attackers to bypass hook-based auditing and policy enforcement by sending skill commands through a vulnerable dispatch path.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

OpenClaw before 2026.5.6 allows attackers to bypass hook-based auditing and policy enforcement by sending skill commands through a vulnerable dispatch path.

Vulnerability

OpenClaw before version 2026.5.6 contains a hook bypass vulnerability in skill command dispatch. When skill commands are routed through the affected dispatch path, they skip the before-tool-call hook coverage that is applied to other tool entry points. This affects versions prior to the patched release 2026.5.6 [1].

Exploitation

An attacker can send skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy enforcement. The attacker must have the ability to send skill commands to the affected gateway. The advisory notes that authenticated Gateway operators and installed plugins remain trusted, but lower-trust input reaching the vulnerable path could be exploited [1][2].

Impact

Successful exploitation allows the attacker to execute skill commands without the standard hook-based auditing and policy checks. This can result in missing auditing records or policy enforcement for those commands. The practical impact depends on the operator's configuration and whether lower-trust input can reach the affected path [1].

Mitigation

The first stable patched version is 2026.5.6 [1]. Users should upgrade to this version or later. As a workaround, avoid relying solely on hook-based enforcement for skill commands until patched, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when not needed [1].

References
  1. Skill-command dispatch could skip before-tool-call hooks
  2. OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • OpenClaw/Openclawinferred2 versions
    <2026.5.6+ 1 more
    • (no CPE)range: <2026.5.6
    • (no CPE)range: <2026.5.6

Patches

1
92339752ea15

fix(net): bound guarded fetch dispatcher cleanup

https://github.com/OpenClaw/OpenClawAyaan ZaidiMay 6, 2026Fixed in 2026.5.6via llm-release-walk
commit
1 file changed · +45 8
  • src/infra/net/ssrf.ts+45 8 modified
    @@ -27,6 +27,7 @@ type LookupCallback = (
 ) => void;
 
 type LookupResult = LookupAddress | LookupAddress[];
+const DISPATCHER_CLOSE_TIMEOUT_MS = 100;
 
 export class SsrFBlockedError extends Error {
   constructor(message: string) {
@@ -551,19 +552,55 @@ export function createPinnedDispatcher(
   );
 }
 
+type ClosableDispatcher = {
+  close?: () => Promise<void> | void;
+  destroy?: () => void;
+};
+
+function destroyDispatcher(candidate: ClosableDispatcher): void {
+  try {
+    candidate.destroy?.();
+  } catch {
+    // ignore dispatcher cleanup errors
+  }
+}
+
+async function waitForDispatcherClose(candidate: ClosableDispatcher): Promise<void> {
+  const close = candidate.close;
+  if (typeof close !== "function") {
+    destroyDispatcher(candidate);
+    return;
+  }
+  let timeout: ReturnType<typeof setTimeout> | undefined;
+  try {
+    await Promise.race([
+      Promise.resolve(close.call(candidate)),
+      new Promise<void>((resolve) => {
+        timeout = setTimeout(() => {
+          timeout = undefined;
+          destroyDispatcher(candidate);
+          resolve();
+        }, DISPATCHER_CLOSE_TIMEOUT_MS);
+        timeout.unref?.();
+      }),
+    ]);
+  } catch (err) {
+    destroyDispatcher(candidate);
+    throw err;
+  } finally {
+    if (timeout) {
+      clearTimeout(timeout);
+    }
+  }
+}
+
 export async function closeDispatcher(dispatcher?: Dispatcher | null): Promise<void> {
   if (!dispatcher) {
     return;
   }
-  const candidate = dispatcher as { close?: () => Promise<void> | void; destroy?: () => void };
+  const candidate = dispatcher as ClosableDispatcher;
   try {
-    if (typeof candidate.close === "function") {
-      await candidate.close();
-      return;
-    }
-    if (typeof candidate.destroy === "function") {
-      candidate.destroy();
-    }
+    await waitForDispatcherClose(candidate);
   } catch {
     // ignore dispatcher cleanup errors
   }

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.