CVE-2026-53863

OpenClaw before 2026.4.25 exposes an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. When a group ID is supplied to the policy resolver, it can lead to incorrect group-policy decisions for tool invocations, potentially bypassing intended access contr...

kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice

A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. An error while resolving policies in xfrmbundlelookup causes the refcount to drop twice, leading to a possible crash and a denial of service...