PatchSiren cyber security CVE debrief
CVE-2026-53827 OpenClaw CVE debrief
CVE-2026-53827 is a credential exposure vulnerability in OpenClaw before version 2026.5.2. The vulnerability occurs in the message.action forwarding feature, which allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. This enables remote attackers to intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata. The CVSS score for this vulnerability is 6, indicating a medium severity.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: MEDIUM 6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of OpenClaw before version 2026.5.2 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is in the message.action forwarding feature of OpenClaw. Metadata that the model controls can select the forwarding target, and the forwarded action payload carries Gateway credentials, so an attacker who supplies a loopback URL through that metadata receives both the Gateway token and the action payload.
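The weak pattern described above, beside a hardened form, as an added illustration that is not OpenClaw's code and does not reflect its actual API: the weak function takes the target URL from model-controlled metadata and attaches the Gateway token; the hardened function lets the model only name a target, resolves the URL from operator configuration, and never attaches the Gateway credential. The metadata keys, the allowlist and the target URL are constructed for the example.

```python
"""Hypothetical action forwarder showing the weak and the hardened pattern.

Not OpenClaw's code: the metadata keys (forward_url, forward_target), the
allowlist and the target URL are assumptions made for this example.
"""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Constructed example: targets the operator configured; the model may only
# refer to one of these by name, never supply a URL of its own.
ALLOWED_TARGETS = {
    "ticketing": "https://tickets.internal.example/api/actions",
}


def forward_request_weak(action: dict, metadata: dict, gateway_token: str) -> dict:
    """Weak pattern: the target URL comes straight from model-controlled
    metadata and the Gateway token is attached to whatever that URL is,
    loopback targets included."""
    return {
        "url": metadata["forward_url"],
        "headers": {"Authorization": f"Bearer {gateway_token}"},
        "body": action,
    }


def is_loopback(url: str) -> bool:
    """True when the URL's host is the loopback interface (localhost, 127/8, ::1)."""
    host = urlsplit(url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def forward_request_hardened(action: dict, metadata: dict) -> Optional[dict]:
    """Hardened pattern: refuse any model-supplied URL, resolve the target from
    the operator allowlist, reject loopback hosts even if misconfigured there,
    and send no Gateway credential with the forwarded payload."""
    if "forward_url" in metadata:
        return None  # caller should log this as a refused forward
    url = ALLOWED_TARGETS.get(metadata.get("forward_target", ""))
    if url is None or is_loopback(url):
        return None
    return {"url": url, "headers": {}, "body": action}
```

The refusal paths return None so the caller can log them; a logged refusal containing a model-supplied forward_url is exactly the event the monitoring action in this advisory is looking for.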
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to OpenClaw version 2026.5.2 or later.
- Restrict access to the message.action forwarding feature.
- Monitor for suspicious activity related to Gateway tokens and action payloads.
Evidence notes
The CVE record was obtained from the official CVE website [cve-org]. Additional information was obtained from the NVD [nvd] and source references [ref-4], [ref-5].
Official resources
CVE-2026-53827 was published on 2026-06-12T22:16:54.060Z and has not been modified since then.