PatchSiren cyber security CVE debrief
CVE-2026-53852 OpenClaw CVE debrief
CVE-2026-53852 is a scope containment bypass vulnerability in OpenClaw before version 2026.4.25. It occurs in the device re-pairing process: an authenticated operator who submits a re-pairing request with an empty scope set skips the containment guards, which restores broader scopes than intended and lets the operator retain unauthorized device access. The CVSS score for this vulnerability is 2.3, indicating low severity.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: LOW 2.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Users of OpenClaw before version 2026.4.25 should be aware of this vulnerability and take steps to mitigate it. Specifically, administrators of OpenClaw installations should prioritize updating to version 2026.4.25 or later to prevent exploitation.
Technical summary
The vulnerability is caused by a lack of proper scope validation in the device re-pairing process. When an authenticated operator submits a re-pairing request with an empty scope set, the system fails to enforce containment guards, allowing the operator to restore broader scopes than intended. This can lead to unauthorized device access and potential security breaches.
Defensive priority
High
Recommended defensive actions
- Update OpenClaw to version 2026.4.25 or later.
- Restrict access to the device re-pairing process to authorized personnel only.
- Monitor system logs for suspicious re-pairing requests.
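The following added example (not OpenClaw code and not taken from the advisory) illustrates the bug class described in the technical summary, a guard that is skipped on an empty scope set, next to a fail-closed version, plus a log check for the monitoring action above. All function names, the `device.repair` event name and the JSON log fields are assumptions made for illustration.

```python
import json

# Added illustration of the bug class; NOT OpenClaw code. Every name is hypothetical.

def repair_unsafe(requested, contained, previous):
    """Containment guard that only runs when the request names scopes."""
    if requested and not set(requested) <= set(contained):
        raise PermissionError("requested scopes exceed containment")
    # An empty request skips the guard and inherits the old, broader grant.
    return set(requested) or set(previous)

def repair_hardened(requested, contained):
    """Fail closed: an empty scope set is rejected, never read as 'inherit'."""
    if not requested:
        raise ValueError("re-pairing request must name at least one scope")
    excess = set(requested) - set(contained)
    if excess:
        raise PermissionError(f"scopes outside containment: {sorted(excess)}")
    return set(requested)

def flag_empty_scope_repairs(log_lines):
    """Return (operator, device) for re-pairing events with no scopes."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON records
        if not isinstance(rec, dict):
            continue
        if rec.get("event") == "device.repair" and not rec.get("scopes"):
            hits.append((rec.get("operator"), rec.get("device")))
    return hits

# Constructed sample log lines (assumed format, not real OpenClaw output).
SAMPLE_LOG = [
    '{"event": "device.repair", "operator": "op-a", "device": "dev-1", "scopes": ["read"]}',
    '{"event": "device.repair", "operator": "op-b", "device": "dev-2", "scopes": []}',
    '{"event": "device.repair", "operator": "op-c", "device": "dev-3"}',
    'not json',
]

if __name__ == "__main__":
    contained, previous = {"read"}, {"read", "write", "admin"}
    print("unsafe  :", sorted(repair_unsafe([], contained, previous)))
    try:
        repair_hardened([], contained)
    except ValueError as exc:
        print("hardened:", exc)
    print("flagged :", flag_empty_scope_repairs(SAMPLE_LOG))
```

The log check treats a missing `scopes` field the same as an empty list, since either form would bypass a guard written like `repair_unsafe`.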
Evidence notes
The CVE record for CVE-2026-53852 was obtained from the official CVE website [cve-org]. Additional information was obtained from the NVD detail page [nvd] and source references [ref-4], [ref-5].
Official resources
CVE-2026-53852 was published on 2026-06-16T19:17:02.510Z and modified on 2026-06-16T20:42:46.200Z.