
CVE-2026-53817 - OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing

CVSS 8.8 (High) · EPSS 0.31% · P22

Affected Version Matrix (2 entries)

Vendor     Product    Version Range   Status
OpenClaw   OpenClaw   < 2026.5.22     affected
OpenClaw   OpenClaw   2026.5.22       unaffected

I. Basic Information for CVE-2026-53817

Vulnerability Information


Vulnerability Title
OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Authentication Bypass by Spoofing
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw is an open-source intelligent AI assistant developed by OpenClaw. Versions of OpenClaw before 2026.5.22 contain a security vulnerability that stems from a locality validation issue in Control UI pairing, which allows an attacker with network access to spoof locality information and obtain a durable, admin-capable device token. An attacker can exploit the insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that remain valid after token rotation.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor     Product    Affected Versions   CPE
OpenClaw   OpenClaw   0 ~ 2026.5.22       -

II. Public POCs for CVE-2026-53817


No public POC found.


III. Intelligence Information for CVE-2026-53817


Vendor Advisories for CVE-2026-53817 (2)

Same Patch Batch · OpenClaw · 2026-06-11 · 14 CVEs total

CVE-2026-53806 · 8.8 HIGH · OpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation
CVE-2026-53807 · 8.8 HIGH · OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.
CVE-2026-53810 · 8.8 HIGH · OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extensio
CVE-2026-53811 · 8.8 HIGH · OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom
CVE-2026-53819 · 8.8 HIGH · OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override
CVE-2026-53814 · 8.3 HIGH · OpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority
CVE-2026-53813 · 7.8 HIGH · OpenClaw < 2026.4.25 - Arbitrary Artifact Loading via Fake Package Root Resolution
CVE-2026-53812 · 7.7 HIGH · OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions
CVE-2026-53816 · 7.2 HIGH · OpenClaw < 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node
CVE-2026-53818 · 6.6 MEDIUM · OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback
CVE-2026-53808 · 6.5 MEDIUM · OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow
CVE-2026-53815 · 6.5 MEDIUM · OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions
CVE-2026-53809 · 3.8 LOW · OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

IV. Related Vulnerabilities
