PatchSiren cyber security CVE debrief
CVE-2026-53821 OpenClaw CVE debrief
CVE-2026-53821 is a HIGH-severity vulnerability (CVSS 8.7) in OpenClaw before version 2026.5.18. OpenClaw's Gateway accepts the operator scopes a WebSocket client declares for itself before it binds the connection to the server-approved pairing or trusted-proxy authorization baseline. As a result, Control UI clients that are unpaired, or that reach the Gateway through a trusted proxy with a restricted baseline, can obtain cached operator.admin authority on a live WebSocket connection and use it to execute admin-gated Gateway RPCs.
- Vendor: OpenClaw
- Product: Unknown (not confirmed in stored evidence)
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Anyone running OpenClaw before version 2026.5.18 should apply the patch. Deployments that expose the Gateway WebSocket to Control UI clients which are not yet paired, or that front the Control UI with a trusted proxy granting restricted scopes, are the ones this issue directly affects.
Technical summary
OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding the connection to the server-approved pairing or trusted-proxy authorization baseline. Because the declared scopes are cached on the live connection, an unpaired client, or a trusted-proxy Control UI client whose baseline is restricted, can declare operator.admin and keep that authority for the life of the WebSocket session, which is enough to execute admin-gated Gateway RPCs. The correct order is the reverse: the server derives the baseline from its own pairing or trusted-proxy state first, and a client's declared scopes may only narrow that baseline, never widen it.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch: Upgrade to OpenClaw version 2026.5.18 or later.
- Review WebSocket connections: Confirm that every live Control UI client holding operator.admin was actually paired or approved by the server, and terminate any that were not, since the elevated authority is cached per live connection. Until the upgrade is applied, keep the Gateway WebSocket and the trusted-proxy path reachable only from networks and clients you already trust.
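The following is an added illustration of the ordering flaw described in the technical summary and of the connection review recommended above. It is not OpenClaw's code and does not reflect its internal API: the pairing store, proxy baseline, hello-frame fields and RPC names are hypothetical, and the sample data is constructed for the example. It contrasts a bind routine that trusts client-declared scopes with one that derives the baseline from server-held state first and lets the client only narrow it, and includes an audit helper that flags live connections whose cached scopes exceed what the server would grant.

```javascript
// Illustrative model of CVE-2026-53821's scope-binding flaw. NOT OpenClaw's
// code: every name and all data below are hypothetical / constructed.

const ADMIN = "operator.admin";
const READ = "operator.read";

// Server-side truth: paired client keys and the scopes the operator granted
// to each. Constructed sample data.
const pairingStore = new Map([
  ["key-paired-admin", new Set([ADMIN, READ])],
]);

// Scopes the trusted proxy may assert for users it fronts. The server must
// cap what a proxy-asserted identity can receive. Constructed sample data.
const trustedProxyBaseline = new Map([
  ["alice@example.test", new Set([READ])], // restricted proxy user
]);

// Admin-gated Gateway RPCs (hypothetical names).
const ADMIN_RPCS = new Set(["config.set", "users.add", "gateway.restart"]);

function newConn(id, { viaTrustedProxy = false } = {}) {
  return { id, viaTrustedProxy, scopes: new Set(), hello: null };
}

// Vulnerable ordering: the client's hello frame declares scopes and the
// server caches them on the live connection before any pairing or
// proxy-baseline check, so an unpaired client can simply claim ADMIN.
function vulnerableBind(conn, hello) {
  conn.hello = hello;
  conn.scopes = new Set(hello.declaredScopes || []);
  return conn;
}

// Baseline derived only from server-held state: a paired key, or a
// proxy-asserted user on a connection that actually came via the proxy.
// Anything else gets no scopes at all.
function serverBaseline(conn, hello) {
  if (hello.clientKey && pairingStore.has(hello.clientKey)) {
    return pairingStore.get(hello.clientKey);
  }
  if (conn.viaTrustedProxy && hello.proxyUser &&
      trustedProxyBaseline.has(hello.proxyUser)) {
    return trustedProxyBaseline.get(hello.proxyUser);
  }
  return new Set();
}

// Hardened ordering: compute the baseline first, then intersect the client's
// requested scopes with it. Declared scopes can narrow, never widen.
function hardenedBind(conn, hello) {
  conn.hello = hello;
  const baseline = serverBaseline(conn, hello);
  const requested = hello.declaredScopes
    ? new Set(hello.declaredScopes)
    : baseline;
  conn.scopes = new Set([...requested].filter((s) => baseline.has(s)));
  return conn;
}

// RPC gate: admin RPCs need ADMIN, everything else needs READ.
function canCall(conn, rpc) {
  return conn.scopes.has(ADMIN_RPCS.has(rpc) ? ADMIN : READ);
}

// Connection review: return ids of live connections whose cached scopes
// exceed what the server-side baseline would grant right now.
function auditConnections(conns) {
  return conns
    .filter((c) => {
      const baseline = serverBaseline(c, c.hello);
      return [...c.scopes].some((s) => !baseline.has(s));
    })
    .map((c) => c.id);
}

// Three constructed clients: an unpaired key, a restricted proxy user, and a
// properly paired admin. All three ask for ADMIN in their hello frame.
function demo() {
  const unpaired = { clientKey: "key-unknown", declaredScopes: [ADMIN] };
  const proxyUser = { proxyUser: "alice@example.test", declaredScopes: [ADMIN, READ] };
  const paired = { clientKey: "key-paired-admin", declaredScopes: [ADMIN] };

  const vuln = [
    vulnerableBind(newConn("v-unpaired"), unpaired),
    vulnerableBind(newConn("v-proxy", { viaTrustedProxy: true }), proxyUser),
    vulnerableBind(newConn("v-paired"), paired),
  ];
  const hard = [
    hardenedBind(newConn("h-unpaired"), unpaired),
    hardenedBind(newConn("h-proxy", { viaTrustedProxy: true }), proxyUser),
    hardenedBind(newConn("h-paired"), paired),
  ];
  return {
    vulnerableUnpairedAdmin: canCall(vuln[0], "config.set"), // true: the bug
    vulnerableProxyAdmin: canCall(vuln[1], "config.set"),    // true: the bug
    hardenedUnpairedAdmin: canCall(hard[0], "config.set"),   // false
    hardenedProxyAdmin: canCall(hard[1], "config.set"),      // false
    hardenedProxyRead: canCall(hard[1], "status.get"),       // true
    hardenedPairedAdmin: canCall(hard[2], "config.set"),     // true
    flaggedVulnerable: auditConnections(vuln),               // ["v-unpaired", "v-proxy"]
    flaggedHardened: auditConnections(hard),                 // []
  };
}
```

The audit pass is the part to reuse during the connection review: it recomputes the server-side baseline for each live session and flags any whose cached scopes are wider, which is exactly the state a client left behind after exploiting the vulnerable ordering. Restricting the proxy baseline alone is not sufficient in the vulnerable variant, because the declared scopes are cached before that baseline is ever consulted.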
Evidence notes
Vendor and product information could not be confirmed. Consider referencing [ref-4](https://github.com/openclaw/openclaw/security/advisories/GHSA-qjpc-qf9m-xwmr) and [ref-5](https://www.vulncheck.com/advisories/openclaw-scope-elevation-in-trusted-proxy-control-ui-websocket) for further details.
Official resources
CVE-2026-53821 was published on 2026-06-12T22:16:53.173Z and has not been modified.