[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-53808":3,"news-by-cve-CVE-2026-53808-10":61},{"state":4,"nvd_cvss_severity":5,"has_solution":6,"attack_technique_count":7,"description":8,"cvss_vector":9,"affected_products_preview":10,"id":16,"date_published":17,"has_exploit":6,"exploit_count":18,"affected_product_count":19,"remediation_summary":20,"has_nuclei_templates":6,"has_attack_graph":21,"source_identifier":22,"nvd_cvss_score":23,"cvss_source":24,"sources":25,"assigner_short_name":27,"nvd_cvss_vector":9,"kev_ransomware_use":6,"nuclei_template_count":18,"references_preview":28,"has_ai_summary":6,"cvss_score":23,"in_kev":6,"sectors":33,"vendor_context":34,"tags":41,"attack_techniques":42,"date_updated":54,"assigner_org":27,"has_workaround":6,"reference_count":7,"weaknesses":55,"title":58,"cvss_version":59,"cvss_severity":5,"attack_tactics":60},"PUBLISHED","MEDIUM",false,2,"OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before the expected approval step, potentially modifying configurations without proper authorization.","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",[11],{"vendor":12,"product":12,"sector":13,"subsector":14,"deployment":15},"OpenClaw","security-products","endpoint-av-edr","embedded","CVE-2026-53808","2026-06-11T20:06:14Z",0,1,{"has_patch":6,"has_workaround":6},true,"83251b91-4cc7-4094-a5c7-464a1b83ea10",6.5,"nvd",[26,24],"cvelist","",[29,31],{"url":30,"source":26},"https://github.com/openclaw/openclaw/security/advisories/GHSA-cqwv-9qjx-vxw2",{"url":32,"source":26},"https://www.vulncheck.com/advisories/openclaw-approval-policy-bypass-in-skill-workshop-apply-flow",[13],[35],{"aliases":36,"sector":13,"subsector":14,"vendor":39,"vendor_type":40},[37,38],"crabbox","clawdbot","openclaw","oss-project",[],[43,50],{"url":44,"confidence":45,"technique_id":46,"technique_name":47,"tactic":48,"tactic_name":49},"https://attack.mitre.org/techniques/T1078/","medium","T1078","Valid Accounts","initial-access","Initial Access",{"url":51,"confidence":45,"technique_id":52,"technique_name":53,"tactic":48,"tactic_name":49},"https://attack.mitre.org/techniques/T1190/","T1190","Exploit Public-Facing Application","2026-06-11T21:16:22Z",[56],{"cwe_id":57,"name":27},"CWE-863","OpenClaw \u003C 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow","3.1",[49],{"cve_id":16,"items":62,"total":18},[]]