PatchSiren cyber security CVE debrief
CVE-2026-53841 OpenClaw CVE debrief
CVE-2026-53841 is a low-severity cross-site scripting (XSS) vulnerability in OpenClaw before version 2026.5.12. The vulnerability occurs in exported session HTML, where unsafe javascript: and data: links are preserved, allowing attackers to execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Users of OpenClaw before version 2026.5.12 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2.1 and is classified as low severity. It requires user interaction to exploit and can result in limited impact, including confidentiality and integrity losses.
Defensive priority
Low
Recommended defensive actions
- Update OpenClaw to version 2026.5.12 or later.
- Be cautious when opening exported session HTML files from untrusted sources.
- Use a web browser with built-in XSS protection features.
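A triage check for the cautious-opening step above, as an added example (not OpenClaw or PatchSiren code): it lists URL attributes in an exported HTML file whose scheme falls outside an allowlist, so the file can be reviewed without opening it in a browser. The allowlist, the attribute set and the sample export are assumptions constructed for illustration.

```python
# Added example: audit exported HTML for links with script-capable schemes.
from html.parser import HTMLParser

# Assumption: any scheme outside this allowlist is reported for review.
SAFE_SCHEMES = {"http", "https", "mailto"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}

def scheme_of(url):
    """Return the scheme as a browser would parse it, or None for a relative URL."""
    # Browsers ignore leading/trailing control characters and spaces, and
    # drop tab/CR/LF anywhere in a URL, so normalise before comparing.
    cleaned = url.strip("".join(map(chr, range(0x21))))
    for ch in "\t\r\n":
        cleaned = cleaned.replace(ch, "")
    head, sep, _ = cleaned.partition(":")
    if not sep or not head or not (head[0].isascii() and head[0].isalpha()):
        return None
    if any(not (c.isascii() and (c.isalnum() or c in "+-.")) for c in head):
        return None  # e.g. "/path?x=a:b" is a relative URL, not a scheme
    return head.lower()

class LinkAuditor(HTMLParser):
    """Collects (line, tag, attribute, scheme) for every non-allowlisted URL."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references in attribute values.
        for name, value in attrs:
            if name in URL_ATTRS and value:
                scheme = scheme_of(value)
                if scheme is not None and scheme not in SAFE_SCHEMES:
                    self.findings.append((self.getpos()[0], tag, name, scheme))

def audit_export(html_text):
    auditor = LinkAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings

# Constructed sample standing in for an exported session file.
SAMPLE_EXPORT = """<html><body>
<a href="https://example.com/docs">docs</a>
<a href="#msg-12">jump</a>
<a href=" JaVa&#9;Script:void(0)">link one</a>
<a href="data:text/html;base64,AAAA">link two</a>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_export(SAMPLE_EXPORT):
        print("line %d: <%s %s> uses %s:" % finding)
```

Comparing the normalised scheme rather than searching for the literal string `javascript:` is what catches mixed-case and whitespace-padded variants.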
Evidence notes
The CVE record was published on [cve-org] and additional details can be found on [nvd].
Official resources
CVE-2026-53841 was published on 2026-06-16T19:17:00.993Z and modified on 2026-06-16T20:42:46.200Z.