CVE-2026-53850
Description
OpenClaw before 2026.4.25 has a missing authorization check in the focus command, allowing authenticated callers to change focus state outside their authority.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
OpenClaw before version 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command. The command fails to perform proper authorization checks, allowing authenticated callers to execute it without the expected control scope enforcement. This affects all versions prior to the patched release. [1][2]
Exploitation
An attacker with authenticated access to the OpenClaw gateway can trigger the focus command to change focus state outside the intended caller authority. The vulnerability is reachable when the affected feature is enabled and lower-trust input can reach that path. No additional user interaction is required beyond authentication. [1][2]
Impact
Successful exploitation allows the attacker to alter focus state, potentially enabling unauthorized operations depending on the gateway configuration and input trust levels. The primary impact is on integrity (high), as the attacker can change state without proper authorization. Confidentiality and availability are not directly affected. [1][2]
Mitigation
The first stable patched version is 2026.4.25. As a workaround, restrict focus command access to trusted operators, keep channel and tool allowlists narrow, avoid sharing a gateway between mutually untrusted users, and disable the affected feature when not needed. [2]
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE. This section is only generated when we can read the actual fix diff; without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 2
News mentions: 0
No linked articles in our index yet.