[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-53816":3,"news-by-cve-CVE-2026-53816-10":61},{"date_published":4,"nvd_cvss_score":5,"kev_ransomware_use":6,"reference_count":7,"sources":8,"date_updated":11,"assigner_org":12,"assigner_short_name":12,"cvss_version":13,"cvss_vector":14,"in_kev":6,"sectors":15,"has_attack_graph":17,"nvd_cvss_severity":18,"has_ai_summary":6,"state":19,"cvss_score":5,"nvd_cvss_vector":14,"cvss_source":10,"attack_technique_count":7,"description":20,"has_nuclei_templates":6,"title":21,"has_workaround":6,"exploit_count":22,"nuclei_template_count":22,"affected_products_preview":23,"has_exploit":6,"has_solution":6,"affected_product_count":28,"weaknesses":29,"source_identifier":32,"cvss_severity":18,"vendor_context":33,"tags":40,"id":41,"attack_techniques":42,"attack_tactics":54,"remediation_summary":55,"references_preview":56},"2026-06-11T20:09:15Z",7.2,false,2,[9,10],"cvelist","nvd","2026-06-11T21:16:23Z","","3.1","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",[16],"security-products",true,"HIGH","PUBLISHED","OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway, steering target sessions into exec-event paths that expose capabilities the reduced node surface should not provide.","OpenClaw \u003C 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node",0,[24],{"vendor":25,"product":25,"sector":16,"subsector":26,"deployment":27},"OpenClaw","endpoint-av-edr","embedded",1,[30],{"cwe_id":31,"name":12},"CWE-862","83251b91-4cc7-4094-a5c7-464a1b83ea10",[34],{"vendor":35,"vendor_type":36,"aliases":37,"sector":16,"subsector":26},"openclaw","oss-project",[38,39],"crabbox","clawdbot",[],"CVE-2026-53816",[43,50],{"url":44,"confidence":45,"technique_id":46,"technique_name":47,"tactic":48,"tactic_name":49},"https://attack.mitre.org/techniques/T1078/","medium","T1078","Valid Accounts","initial-access","Initial Access",{"technique_id":51,"technique_name":52,"tactic":48,"tactic_name":49,"url":53,"confidence":45},"T1190","Exploit Public-Facing Application","https://attack.mitre.org/techniques/T1190/",[49],{"has_workaround":6,"has_patch":6},[57,59],{"url":58,"source":9},"https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4",{"url":60,"source":9},"https://www.vulncheck.com/advisories/openclaw-exec-lifecycle-event-forgery-via-paired-node",{"cve_id":41,"items":62,"total":22},[]]