What is GHSA-gw2c-6hcg-5g52?

GHSA-gw2c-6hcg-5g52 is a security advisory published by GitHub Security Advisories with Medium severity. OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus...

Which CVE IDs does GHSA-gw2c-6hcg-5g52 cover?

GHSA-gw2c-6hcg-5g52 covers the following CVE IDs: CVE-2026-53850. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-gw2c-6hcg-5g52?

GHSA-gw2c-6hcg-5g52 has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-gw2c-6hcg-5g52MediumCVSS 5.5

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus...

Vendor

GitHub Security Advisories

Published

June 16, 2026

Last Modified

June 16, 2026

🔗 CVE IDs covered (1)

CVE-2026-53850 →

📋 Description

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.

🔗 References (4)

https://github.com/openclaw/openclaw/security/advisories/GHSA-mpc8-jxjh-qpgh
https://nvd.nist.gov/vuln/detail/CVE-2026-53850
https://www.vulncheck.com/advisories/openclaw-control-scope-enforcement-bypass-in-focus-command
https://github.com/advisories/GHSA-gw2c-6hcg-5g52