[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-53818":3,"news-by-cve-CVE-2026-53818-10":61},{"state":4,"date_updated":5,"cvss_source":6,"affected_products_preview":7,"tags":13,"has_ai_summary":14,"has_solution":14,"sectors":15,"nvd_cvss_severity":16,"has_exploit":14,"description":17,"attack_techniques":18,"id":30,"title":31,"assigner_short_name":32,"sources":33,"cvss_vector":35,"cvss_severity":16,"nvd_cvss_vector":35,"has_workaround":14,"exploit_count":36,"attack_technique_count":37,"nuclei_template_count":36,"weaknesses":38,"date_published":41,"cvss_score":42,"kev_ransomware_use":14,"affected_product_count":43,"references_preview":44,"source_identifier":49,"nvd_cvss_score":42,"in_kev":14,"reference_count":37,"vendor_context":50,"remediation_summary":57,"has_nuclei_templates":14,"has_attack_graph":58,"assigner_org":32,"cvss_version":59,"attack_tactics":60},"PUBLISHED","2026-06-11T21:16:24Z","nvd",[8],{"product":9,"sector":10,"subsector":11,"deployment":12,"vendor":9},"OpenClaw","security-products","endpoint-av-edr","embedded",[],false,[10],"MEDIUM","OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools when the feature is enabled and reachable.",[19,26],{"url":20,"confidence":21,"technique_id":22,"technique_name":23,"tactic":24,"tactic_name":25},"https://attack.mitre.org/techniques/T1078/","medium","T1078","Valid Accounts","initial-access","Initial Access",{"technique_id":27,"technique_name":28,"tactic":24,"tactic_name":25,"url":29,"confidence":21},"T1190","Exploit Public-Facing Application","https://attack.mitre.org/techniques/T1190/","CVE-2026-53818","OpenClaw \u003C 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback","",[34,6],"cvelist","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",0,2,[39],{"cwe_id":40,"name":32},"CWE-862","2026-06-11T20:09:57Z",6.6,1,[45,47],{"url":46,"source":34},"https://github.com/openclaw/openclaw/security/advisories/GHSA-rj6p-xmxr-qj4h",{"url":48,"source":34},"https://www.vulncheck.com/advisories/openclaw-owner-only-tool-policy-bypass-via-mcp-loopback","83251b91-4cc7-4094-a5c7-464a1b83ea10",[51],{"vendor":52,"vendor_type":53,"aliases":54,"sector":10,"subsector":11},"openclaw","oss-project",[55,56],"crabbox","clawdbot",{"has_patch":14,"has_workaround":14},true,"3.1",[25],{"cve_id":30,"items":62,"total":36},[]]