PatchSiren cyber security CVE debrief
CVE-2026-53812 OpenClaw CVE debrief
CVE-2026-53812 is a medium-severity server-side request forgery vulnerability in OpenClaw before version 2026.5.18. Authenticated users can bypass private-network navigation checks through Playwright act interactions, allowing attackers to trigger navigation to private-network targets via action-triggered redirects and read restricted page content using browser evaluation capabilities.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: MEDIUM 4.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of OpenClaw before version 2026.5.18, particularly those with private-network navigation checks in place.
Technical summary
The vulnerability is in OpenClaw's browser control. Authenticated users can bypass its private-network navigation checks through Playwright act interactions: an action-triggered redirect navigates the browser to a private-network target, and browser evaluation capabilities can then read the restricted page content.
Defensive priority
MEDIUM
Recommended defensive actions
- Update OpenClaw to version 2026.5.18 or later.
- Review and restrict Playwright act interactions to prevent unauthorized access.
- Monitor for suspicious activity and implement additional security measures as needed.
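An added example (not OpenClaw's code and not taken from the advisory): a monitoring check that classifies every URL a page reached after an act step, rather than only the URL originally requested. The trace format, function names and DNS table are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline (assumption: a real
# deployment resolves at check time and connects only to the address it checked).
SAMPLE_DNS = {
    "example.com": ["93.184.216.34"],
    "intranet.example.test": ["10.20.0.5"],
}


def is_private_target(url, dns=SAMPLE_DNS):
    """True if the URL's host is, or resolves to, a non-public address."""
    host = urlsplit(url).hostname
    if host is None:
        return True  # fail closed on targets without a host
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        answers = dns.get(host.lower())
        if not answers:
            return True  # unknown names fail closed
        addrs = [ipaddress.ip_address(a) for a in answers]
    for addr in addrs:
        # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) before classifying.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        if not addr.is_global:  # private, loopback, link-local, reserved
            return True
    return False


# Constructed trace: each act step with the main-frame URLs observed after it.
SAMPLE_TRACE = [
    ("click #docs", ["https://example.com/docs"]),
    ("click #go", ["https://example.com/r?id=7", "http://10.20.0.5/admin"]),
    ("press Enter", ["https://example.com/next", "http://intranet.example.test/"]),
    ("click #meta", ["http://[::ffff:192.168.1.10]/"]),
]


def audit_trace(trace=SAMPLE_TRACE, dns=SAMPLE_DNS):
    """Return (action, url) for every post-action navigation to a private target."""
    return [(action, url) for action, urls in trace
            for url in urls if is_private_target(url, dns)]
```

Each finding pairs the act step with the private-network URL it led to, which is the signal to alert on when reviewing browser-control logs.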
Evidence notes
The vulnerability was reported and analyzed by the OpenClaw community and VulnCheck.
Official resources
- CVE-2026-53812 CVE record (CVE.org)
- CVE-2026-53812 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Mitigation, Vendor Advisory)
- Mitigation or vendor reference ([email protected] - Third Party Advisory)
CVE-2026-53812 was published on 2026-06-11T21:16:23.303Z and modified on 2026-06-12T19:25:23.177Z.