CVE-2026-53838
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
OpenClaw before version 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows for confusion in approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended.
Risk Assessment
Organizations may be exposed to unauthorized actions that could bypass approval restrictions, jeopardizing system integrity.
Recommendation
It is recommended to update OpenClaw to version 2026.5.27 or later to mitigate this vulnerability and review node approval policies.
Original NVD description (English source)
OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval restrictions.

