CVE-2026-53859

Published: Giu 16, 2026 Last Modified: Giu 16, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,0
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

918

Server-Side Request Forgery (SSRF)

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control
Potential Impacts:
Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Technologies: Web Based, AI/ML, Web Server
View CWE Details
1023

Incomplete Comparison with Missing Factors

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Access Control
Potential Impacts:
Alter Execution Logic Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/openclaw/openclaw/security/advisories/GH…
https://github.com/openclaw/openclaw/security/advisories/GHSA-gxg4-2rrr-jhc7
https://www.vulncheck.com/advisories/openclaw-hostname-vali…
https://www.vulncheck.com/advisories/openclaw-hostname-validation-bypass-via-tr…