CVE-2026-53852
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
OpenClaw before version 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests.
Risk Assessment
Attackers can exploit this vulnerability by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access.
Recommendation
It is recommended to update OpenClaw to version 2026.4.25 or later to mitigate this vulnerability and to implement additional verification mechanisms for re-pairing requests.
Original NVD description (English source)
OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access.

