CVE Catalog

CVE-2026-53817

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

14th percentile - higher than 14% of all known CVEs

Summary

OpenClaw before version 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens.

Risk Assessment

Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.

Recommendation

It is recommended to update OpenClaw to version 2026.5.22 or later to mitigate this vulnerability and implement additional security measures to protect against unauthorized access.

Original NVD description (English source)

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS