CVE-2026-53862

Published: Jun 16, 2026 Last Modified: Jun 16, 2026
Severity: LOW (2.3)
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Severity: MEDIUM (4.2)
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none

Description


OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.

CWE-266: Incorrect Privilege Assignment

Draft
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
CWE-345: Insufficient Verification of Data Authenticity

Draft
Common Consequences
Security Scopes Affected:
Integrity, Other
Potential Impacts:
Varies By Context; Unexpected State
Applicable Platforms
Technologies: ICS/OT
https://github.com/openclaw/openclaw/security/advisories/GHSA-9v8j-9c9g-w66c
https://www.vulncheck.com/advisories/openclaw-bootstrap-token-replay-via-pendin…