- Description
- OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval restrictions.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- openclaw
CVSS 4.0
- Type
- Secondary
- Base score
- 6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-367
- Hype score
- Not currently trending
#CVE-2026-53838 - Critical supply chain attack in Openclaw. Node pairing reconnection flaw allows authority scope bypass. #CVSS 9.8. No patch yet - mitigate by restricting node access. #CVE #Openclaw #infosec @openclaw Detailed info: https://t.co/0tfw0FSIEW
@HugoValters
14 Jun 2026
🚨 CVE-2026-53838 - CVSS 9.8/10. OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes... Severity: CRITICAL Patch now. #cybersecurity #CVE https://t.co/wjAMc7zKpu
@OrizonCyber
12 Jun 2026
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "81760009-ED3F-4CA3-BCF9-5E498627784B",
"versionEndExcluding": "2026.5.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]