CVE-2026-53838
OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection
Severity: CRITICAL
Title source: CNA description
OpenClaw before 2026.5.27 contains a state mutation vulnerability in its node pairing reconnection logic that lets a paired node confuse approval-scope decisions. By exploiting the reconnection path, an attacker can restore or present broader node authority than the operator intended, potentially bypassing approval restrictions.
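The bug class the description sketches, as an added illustration in TypeScript (this is not OpenClaw's code and nothing here is taken from the advisory): a gateway that, on reconnect, restores a node's previous session scope, or accepts a scope the node presents, instead of re-reading the operator's current approval. The approval can be narrowed or revoked between the original check and the reconnect, which is the time-of-check/time-of-use shape CWE-367 describes. All names (ApprovalStore, VulnerableGateway, HardenedGateway, the node ids and the "none"/"read"/"full" scopes) are assumptions made for the example.

```typescript
// Added illustration of approval-scope confusion on reconnect (a TOCTOU-style
// bug, CWE-367). Hypothetical gateway and names; NOT OpenClaw's code.

type Scope = "none" | "read" | "full";
const RANK: Record<Scope, number> = { none: 0, read: 1, full: 2 };

interface Session { nodeId: string; scope: Scope; }

interface Gateway {
  connect(nodeId: string): Session;
  disconnect(nodeId: string): Session | undefined;
  reconnect(nodeId: string, presented?: Session): Session;
}

// Authoritative operator decisions: what each node is approved for right now.
class ApprovalStore {
  private approved = new Map<string, Scope>();
  set(nodeId: string, scope: Scope): void { this.approved.set(nodeId, scope); }
  revoke(nodeId: string): void { this.approved.delete(nodeId); }
  current(nodeId: string): Scope { return this.approved.get(nodeId) ?? "none"; }
}

// Vulnerable: approval is checked once, at connect time. A reconnect restores the
// cached session (or one the node presents) without re-checking approval, so a
// scope that was narrowed or revoked in between silently comes back.
class VulnerableGateway implements Gateway {
  private sessions = new Map<string, Session>();
  constructor(private approvals: ApprovalStore) {}
  connect(nodeId: string): Session {
    const s: Session = { nodeId, scope: this.approvals.current(nodeId) };
    this.sessions.set(nodeId, s);
    return s;
  }
  disconnect(nodeId: string): Session | undefined {
    const s = this.sessions.get(nodeId);
    this.sessions.delete(nodeId);
    return s; // the node side keeps a copy of its old session state
  }
  reconnect(nodeId: string, presented?: Session): Session {
    // BUG: session state is mutated from cached/presented data; approvals are never consulted.
    const restored = this.sessions.get(nodeId) ?? presented;
    if (restored && restored.nodeId === nodeId) {
      this.sessions.set(nodeId, restored);
      return restored;
    }
    return this.connect(nodeId);
  }
}

// Hardened: every (re)connect is a fresh authorization decision. The approval
// store is the only source of scope; anything the node presents can only narrow it.
class HardenedGateway implements Gateway {
  private sessions = new Map<string, Session>();
  constructor(private approvals: ApprovalStore) {}
  connect(nodeId: string, presented?: Session): Session {
    const approved = this.approvals.current(nodeId);
    const requested = presented?.scope ?? approved;
    const scope: Scope = RANK[requested] < RANK[approved] ? requested : approved;
    const s: Session = { nodeId, scope };
    this.sessions.set(nodeId, s);
    return s;
  }
  disconnect(nodeId: string): Session | undefined {
    const s = this.sessions.get(nodeId);
    this.sessions.delete(nodeId);
    return s;
  }
  reconnect(nodeId: string, presented?: Session): Session {
    return this.connect(nodeId, presented); // nothing is restored from the old session
  }
}

type Kind = "vulnerable" | "hardened";
function build(kind: Kind): { approvals: ApprovalStore; gw: Gateway } {
  const approvals = new ApprovalStore();
  const gw: Gateway = kind === "vulnerable" ? new VulnerableGateway(approvals) : new HardenedGateway(approvals);
  return { approvals, gw };
}

// Node approved "full"; operator narrows it to "read" while the node is offline;
// node reconnects presenting the session it was given earlier.
function scopeAfterDowngrade(kind: Kind): Scope {
  const { approvals, gw } = build(kind);
  approvals.set("node-a", "full");
  gw.connect("node-a");
  const old = gw.disconnect("node-a");
  approvals.set("node-a", "read");
  return gw.reconnect("node-a", old).scope;
}

// Same, but the operator revokes the node entirely before it reconnects.
function scopeAfterRevoke(kind: Kind): Scope {
  const { approvals, gw } = build(kind);
  approvals.set("node-a", "full");
  gw.connect("node-a");
  const old = gw.disconnect("node-a");
  approvals.revoke("node-a");
  return gw.reconnect("node-a", old).scope;
}

// A node only ever approved for "read" reconnects presenting a forged "full" session.
function scopeWithForgedSession(kind: Kind): Scope {
  const { approvals, gw } = build(kind);
  approvals.set("node-b", "read");
  gw.connect("node-b");
  gw.disconnect("node-b");
  return gw.reconnect("node-b", { nodeId: "node-b", scope: "full" }).scope;
}

console.log("downgrade:", scopeAfterDowngrade("vulnerable"), "vs", scopeAfterDowngrade("hardened"));
console.log("revoke:", scopeAfterRevoke("vulnerable"), "vs", scopeAfterRevoke("hardened"));
console.log("forged:", scopeWithForgedSession("vulnerable"), "vs", scopeWithForgedSession("hardened"));
```

The design point is that the hardened gateway has no reconnect-specific state path at all: a reconnect is just a connect, the approval store is read at the moment of use, and presented state can only lower the effective scope, never raise it. Revocation and downgrade therefore take effect on the next connection regardless of what the node cached.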
References (2)
Vendor Advisory
GitHub Security Advisory (GHSA-83w9-h5wv-j9xm)
https://github.com/openclaw/openclaw/security/advisories/GHSA-83w9-h5wv-j9xm
Third Party Advisory
VulnCheck Advisory: OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection
https://www.vulncheck.com/advisories/openclaw-node-pairing-state-mutation-via-reconnection
Scores
CVSS v3
9.8
EPSS
0.0003
EPSS Percentile
8.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Note that the vector rates the issue as needing no privileges (PR:N) while the description attributes the attack to a paired node; whether an unpaired client can reach the reconnection path is not stated here, so treat 9.8 as an upper bound until the vendor advisory has been read.
Details
CWE
CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition)
Status
published
Products (2)
OpenClaw/OpenClaw < 2026.5.27 (affected)
OpenClaw/OpenClaw 2026.5.27 (fixed)
Published
Jun 12, 2026
Tracked Since
Jun 13, 2026