PatchSiren cyber security CVE debrief
CVE-2026-53862 OpenClaw CVE debrief
CVE-2026-53862 is a low-severity vulnerability in OpenClaw, software that provides secure pairing and authentication. Disclosed on June 16, 2026, the vulnerability allows an attacker to replay bootstrap tokens before they have been approved, potentially escalating pairing authority beyond the intended scope limits.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: LOW 2.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Users running OpenClaw versions prior to 2026.5.12 are affected by this vulnerability and should take steps to mitigate it.
Technical summary
The vulnerability stems from insufficient validation of bootstrap tokens in OpenClaw: a token can be presented again before approval, and the reused token can request broader scopes than it was issued with. This could grant access beyond what the pairing was meant to allow and lead to a security breach.
Defensive priority
Low
Recommended defensive actions
- Update OpenClaw to version 2026.5.12 or later
- Review and restrict token access and scopes
- Monitor for suspicious activity and potential token replay attempts
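The two failure modes named in the technical summary, token reuse and scope broadening, are both the absence of a check at redemption time. The example below is added here to illustrate those checks in a generic bootstrap-token store; it is not OpenClaw's code and says nothing about how OpenClaw implements pairing. The class names, the scope strings such as "pair:read", the 300-second lifetime and the audit record format are all assumptions made for the demonstration. It places a naive store (accepts any existing token and grants whatever scopes are requested) beside a hardened one (approval required, single use, expiry, scopes capped at issuance, every rejection logged for the monitoring step above).

```python
# Added illustrative example: single-use, scope-bound bootstrap tokens.
# Not OpenClaw's code; class names, scope strings ("pair:read"), the ttl
# value and the audit format are assumptions made for this demonstration.
import secrets
import time
from dataclasses import dataclass


@dataclass
class BootstrapToken:
    token_id: str
    scopes: frozenset        # scopes fixed at issuance; never widened later
    issued_at: float
    ttl: float = 300.0       # seconds the token stays redeemable (assumed)
    approved: bool = False   # set by the out-of-band approval step
    consumed: bool = False   # a token is redeemable exactly once


class NaiveStore:
    """Weak pattern: any known token is accepted, as often as it is presented,
    and the caller's requested scopes are granted without comparison."""

    def __init__(self):
        self.tokens = {}

    def issue(self, scopes):
        tid = secrets.token_urlsafe(16)
        self.tokens[tid] = BootstrapToken(tid, frozenset(scopes), time.time())
        return tid

    def redeem(self, tid, requested_scopes):
        if tid not in self.tokens:
            return None
        return frozenset(requested_scopes)  # no approval, replay or scope check


class HardenedStore:
    """Hardened pattern: redemption requires prior approval, happens at most
    once, expires, and never exceeds the scopes bound at issuance."""

    def __init__(self, clock=time.time):
        self.tokens = {}
        self.audit = []      # rejection/grant records for the monitoring step
        self.clock = clock   # injectable so expiry can be exercised offline

    def _log(self, reason, tid):
        self.audit.append({"reason": reason, "token_id": tid})

    def issue(self, scopes):
        tid = secrets.token_urlsafe(16)
        self.tokens[tid] = BootstrapToken(tid, frozenset(scopes), self.clock())
        return tid

    def approve(self, tid):
        tok = self.tokens.get(tid)
        if tok is not None:
            tok.approved = True

    def redeem(self, tid, requested_scopes):
        tok = self.tokens.get(tid)
        if tok is None:
            self._log("unknown_token", tid)
            return None
        if tok.consumed:
            self._log("replay", tid)
            return None
        if self.clock() - tok.issued_at > tok.ttl:
            self._log("expired", tid)
            return None
        if not tok.approved:
            self._log("not_approved", tid)
            return None
        requested = frozenset(requested_scopes)
        if not requested <= tok.scopes:        # may only narrow, never widen
            self._log("scope_escalation", tid)
            return None
        tok.consumed = True                    # burn before returning
        self._log("granted", tid)
        return requested


def demo():
    """Drive both stores through the same sequence of requests.
    Returns (naive_grants, hardened_audit_reasons)."""
    naive = NaiveStore()
    nid = naive.issue(["pair:read"])
    naive_grants = [
        naive.redeem(nid, ["pair:read", "pair:admin"]),  # widened scope granted
        naive.redeem(nid, ["pair:read"]),                # replay granted
    ]

    now = [1000.0]                                   # constructed clock value
    hard = HardenedStore(clock=lambda: now[0])
    hid = hard.issue(["pair:read"])
    hard.redeem(hid, ["pair:read"])                  # before approval: rejected
    hard.approve(hid)
    hard.redeem(hid, ["pair:read", "pair:admin"])    # scope escalation: rejected
    hard.redeem(hid, ["pair:read"])                  # legitimate single use
    hard.redeem(hid, ["pair:read"])                  # replay: rejected
    stale = hard.issue(["pair:read"])
    hard.approve(stale)
    now[0] += 600.0                                  # step past the 300 s ttl
    hard.redeem(stale, ["pair:read"])                # expired: rejected
    return naive_grants, [e["reason"] for e in hard.audit]


if __name__ == "__main__":
    grants, reasons = demo()
    print("naive store granted:", grants)
    print("hardened store audit:", reasons)
```

The ordering of checks in `HardenedStore.redeem` matters: replay is tested before approval so that a burned token is reported as "replay" rather than masked by a later state change, and the token is marked consumed before the grant is returned so that a concurrent second presentation cannot slip through between the check and the update. The audit list is what the "monitor for replay attempts" action above would alert on; in a real deployment it would feed a log pipeline rather than an in-memory list.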
Evidence notes
The CVE record and NVD details provide information on the vulnerability, its severity, and potential impact.
Official resources
CVE-2026-53862 was published on June 16, 2026, and last modified on June 16, 2026.