CVE-2026-53852

Published: Giu 16, 2026 Last Modified: Giu 16, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 5,4
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none

Description

AI Translation Available

OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access.

636

Not Failing Securely ('Failing Open')

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
Technologies: Not Technology-Specific, ICS/OT
View CWE Details
https://github.com/openclaw/openclaw/security/advisories/GH…
https://github.com/openclaw/openclaw/security/advisories/GHSA-8mg9-j9cf-54cj
https://www.vulncheck.com/advisories/openclaw-scope-bypass-…
https://www.vulncheck.com/advisories/openclaw-scope-bypass-via-empty-scope-devi…