CVE-2026-53859
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
OpenClaw before version 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs.
Risk Assessment
Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.
Recommendation
It is recommended to update OpenClaw to version 2026.5.26 or later to mitigate this vulnerability and review hostname policies to ensure their effectiveness.
Original NVD description (English source)
OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

