CVE Catalog

CVE-2026-53821

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

OpenClaw before version 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections.

Risk Assessment

The organization may be exposed to unauthorized access to administrative functions, potentially leading to serious security breaches. Exploiting this vulnerability could allow attackers to execute admin-gated Gateway RPCs.

Recommendation

It is recommended to update OpenClaw to version 2026.5.18 or later to mitigate this vulnerability. Additionally, an audit of trusted proxy configurations and access to the administrative interface should be conducted.

Original NVD description (English source)

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS