PatchSiren cyber security CVE debrief
CVE-2026-53839 OpenClaw CVE debrief
CVE-2026-53839 is a medium-severity vulnerability in OpenClaw: a hostname validation flaw in its retry endpoint checks. It allows attackers to craft a hostname whose prefix resembles a trusted host, so that authentication material is sent to untrusted endpoints. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6, indicating a medium severity level.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: MEDIUM 6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of OpenClaw software should be aware of this vulnerability and take necessary steps to update to a patched version.
Technical summary
The vulnerability is caused by the software's use of hostname prefix matching instead of exact hostname validation in retry endpoint checks. This allows attackers to send authentication material to untrusted endpoints by crafting a hostname prefix that resembles a trusted host.
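The difference between the two checks, as an added illustration that is not OpenClaw's code: a prefix comparison on the retry endpoint's hostname next to an exact comparison that fails closed. The host name `api.trusted.example`, the sample URLs and all function names are constructed for this example.

```javascript
// Added illustration; not OpenClaw source. Host names and URLs are constructed.
const TRUSTED_HOST = "api.trusted.example";

// Weak check: prefix match on the hostname, the pattern the advisory describes.
function isTrustedPrefix(retryUrl) {
  const { hostname } = new URL(retryUrl);
  return hostname.startsWith(TRUSTED_HOST);
}

// Hardened check: HTTPS only, exact hostname comparison after normalisation.
function isTrustedExact(retryUrl) {
  let url;
  try {
    url = new URL(retryUrl);
  } catch {
    return false; // unparseable endpoint: fail closed
  }
  if (url.protocol !== "https:") return false;
  // The URL parser lowercases the host; strip a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  return host === TRUSTED_HOST;
}

// Attach credentials to a retry request only when the endpoint passes the check.
function buildRetryHeaders(retryUrl, token, check) {
  const headers = { accept: "application/json" };
  if (check(retryUrl)) headers.authorization = `Bearer ${token}`;
  return headers;
}

// Constructed sample endpoints: one genuine, two look-alikes, one odd spelling.
const samples = [
  "https://api.trusted.example/v1/retry",
  "https://api.trusted.example.attacker.test/v1/retry",
  "https://api.trusted.example-cdn.test/v1/retry",
  "https://API.Trusted.Example./v1/retry",
];

// Side-by-side verdicts for each sample endpoint.
function compareChecks() {
  return samples.map((url) => ({
    url,
    prefix: isTrustedPrefix(url),
    exact: isTrustedExact(url),
  }));
}

console.table(compareChecks());
```

The prefix check accepts all four endpoints, while the exact check accepts only the first and last, which resolve to the same trusted host.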
Defensive priority
medium
Recommended defensive actions
- Update OpenClaw to version 2026.5.7 or later.
- Review and update any affected systems or configurations.
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability.
Official resources
CVE-2026-53839 was published on 2026-06-12T22:16:55.863Z and has not been modified since then.