Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-53817 (GCVE-0-2026-53817)
Vulnerability from cvelistv5 – Published: 2026-06-11 20:09 – Updated: 2026-06-23 16:16 X_Open Source- CWE-290 - Authentication Bypass by Spoofing
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | vendor-advisory |
| https://www.vulncheck.com/advisories/openclaw-con… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T03:55:43.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"repo": "https://github.com/openclaw/openclaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.5.22",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.5.22",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.5.22",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cantinagen"
}
],
"datePublic": "2026-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:16:55.224Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-chr9-m4q2-76hw)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-control-ui-locality-spoofing-in-device-pairing"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.5.22 - Control UI Locality Spoofing in Device Pairing",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-53817",
"datePublished": "2026-06-11T20:09:38.043Z",
"dateReserved": "2026-06-10T21:16:07.494Z",
"dateUpdated": "2026-06-23T16:16:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-53817",
"date": "2026-07-08",
"epss": "0.00309",
"percentile": "0.22741"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-53817\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-06-11T21:16:23.960\",\"lastModified\":\"2026-06-17T10:58:03.370\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.\"}],\"affected\":[{\"source\":\"disclosure@vulncheck.com\",\"affectedData\":[{\"vendor\":\"OpenClaw\",\"product\":\"OpenClaw\",\"defaultStatus\":\"unaffected\",\"repo\":\"https://github.com/openclaw/openclaw\",\"packageURL\":\"pkg:npm/openclaw\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"2026.5.22\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"2026.5.22\",\"versionType\":\"semver\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-12T00:00:00+00:00\",\"id\":\"CVE-2026-53817\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2026.5.22\",\"matchCriteriaId\":\"FC14E998-7770-4FC3-9026-E9832436E3E7\"}]}]}],\"references\":[{\"url\":\"https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.vulncheck.com/advisories/openclaw-control-ui-locality-spoofing-in-device-pairing\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-53817\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-12T15:25:47.566759Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-12T15:25:52.770Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"OpenClaw \u003c 2026.5.22 - Control UI Locality Spoofing in Device Pairing\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"cantinagen\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/openclaw/openclaw\", \"vendor\": \"OpenClaw\", \"product\": \"OpenClaw\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2026.5.22\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"2026.5.22\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:npm/openclaw\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-05-28T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw\", \"name\": \"GitHub Security Advisory (GHSA-chr9-m4q2-76hw)\", \"tags\": [\"vendor-advisory\", \"patch\"]}, {\"url\": \"https://www.vulncheck.com/advisories/openclaw-control-ui-locality-spoofing-in-device-pairing\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-290\", \"description\": \"Authentication Bypass by Spoofing\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2026.5.22\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-06-11T20:09:38.043Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-53817\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-13T03:55:43.050Z\", \"dateReserved\": \"2026-06-10T21:16:07.494Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-06-11T20:09:38.043Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-53817
Vulnerability from fkie_nvd - Published: 2026-06-11 21:16 - Updated: 2026-06-17 10:58| URL | Tags | ||
|---|---|---|---|
| disclosure@vulncheck.com | https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw | Mitigation, Vendor Advisory | |
| disclosure@vulncheck.com | https://www.vulncheck.com/advisories/openclaw-control-ui-locality-spoofing-in-device-pairing | Third Party Advisory |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"repo": "https://github.com/openclaw/openclaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.5.22",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.5.22",
"versionType": "semver"
}
]
}
],
"source": "disclosure@vulncheck.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FC14E998-7770-4FC3-9026-E9832436E3E7",
"versionEndExcluding": "2026.5.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation."
}
],
"id": "CVE-2026-53817",
"lastModified": "2026-06-17T10:58:03.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-53817",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-11T21:16:23.960",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-control-ui-locality-spoofing-in-device-pairing"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
GHSA-CHR9-M4Q2-76HW
Vulnerability from github – Published: 2026-07-02 16:04 – Updated: 2026-07-02 16:04Summary
In affected LAN/shared-token Control UI deployments, a caller could spoof locality information used during Control UI pairing and obtain a durable admin-capable device token.
This issue is limited to deployments where the caller already has the network/authentication foothold needed to reach the Control UI pairing path. It is not an unauthenticated internet exposure issue.
Affected configurations
This affects configurations such as LAN-bound gateways or shared-token Control UI access where locality signals were accepted as sufficient for pairing decisions.
Impact
A temporary or shared Control UI access path could be turned into a persistent admin device token. That token could remain useful after the shared gateway token was rotated, unless the paired device was removed.
The issue is a pairing/locality validation problem: locality-derived trust was stronger than it should have been.
Patched Versions
The first stable patched version is 2026.5.22.
Mitigations
Upgrade to openclaw@2026.5.22 or later. For older deployments, remove unexpected paired devices and avoid exposing Control UI pairing paths on networks with untrusted clients.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.5.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53817"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-287",
"CWE-290",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T16:04:35Z",
"nvd_published_at": "2026-06-11T21:16:23Z",
"severity": "HIGH"
},
"details": "### Summary\n\nIn affected LAN/shared-token Control UI deployments, a caller could spoof locality information used during Control UI pairing and obtain a durable admin-capable device token.\n\nThis issue is limited to deployments where the caller already has the network/authentication foothold needed to reach the Control UI pairing path. It is not an unauthenticated internet exposure issue.\n\n### Affected configurations\n\nThis affects configurations such as LAN-bound gateways or shared-token Control UI access where locality signals were accepted as sufficient for pairing decisions.\n\n### Impact\n\nA temporary or shared Control UI access path could be turned into a persistent admin device token. That token could remain useful after the shared gateway token was rotated, unless the paired device was removed.\n\nThe issue is a pairing/locality validation problem: locality-derived trust was stronger than it should have been.\n\n### Patched Versions\n\nThe first stable patched version is `2026.5.22`.\n\n### Mitigations\n\nUpgrade to `openclaw@2026.5.22` or later. For older deployments, remove unexpected paired devices and avoid exposing Control UI pairing paths on networks with untrusted clients.",
"id": "GHSA-chr9-m4q2-76hw",
"modified": "2026-07-02T16:04:35Z",
"published": "2026-07-02T16:04:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53817"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-control-ui-locality-spoofing-in-device-pairing"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Control UI locality spoofing could mint a durable admin device token"
}
WID-SEC-W-2026-1738
Vulnerability from csaf_certbund - Published: 2026-05-28 22:00 - Updated: 2026-06-16 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenClaw
Open Source
|
cpe:/a:openclaw:openclaw:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenClaw ist ein pers\u00f6nlicher KI-Assistent zur Ausf\u00fchrung auf eigenen Ger\u00e4ten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um Sicherheitsmechanismen zu umgehen, erh\u00f6hte Berechtigungen zu erlangen, Informationen offenzulegen, Konfigurationen zu manipulieren, beliebige Befehle oder Code auszuf\u00fchren sowie interne Systeme \u00fcber SSRF anzugreifen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1738 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1738.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1738 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1738"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-24vr-rprv-67rf vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-24vr-rprv-67rf"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2hfg-4fh4-qp7f vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hfg-4fh4-qp7f"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2j8v-hwgc-x698 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2j8v-hwgc-x698"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3c6j-hq33-3jv4 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3wqp-prf6-2m72 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3wqp-prf6-2m72"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4hpg-mp64-x7xq vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hpg-mp64-x7xq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4m3v-q747-pc6h vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4m3v-q747-pc6h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5cj2-3jr2-5h77 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5cj2-3jr2-5h77"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-68xw-r643-9p5w vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68xw-r643-9p5w"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6c4r-g249-wv3c vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6c4r-g249-wv3c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6fvr-66p3-3qj4 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6fvr-66p3-3qj4"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-72fw-cqh5-f324 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-72fw-cqh5-f324"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-77pv-3w4q-vrj5 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77pv-3w4q-vrj5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-77q5-rr5v-x43q vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77q5-rr5v-x43q"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-7hxm-f538-3xp6 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7hxm-f538-3xp6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-83w9-h5wv-j9xm vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-83w9-h5wv-j9xm"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8c59-hr4w-qg69 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8c59-hr4w-qg69"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8j37-5w68-wj2g vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8j37-5w68-wj2g"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8mg9-j9cf-54cj vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8mg9-j9cf-54cj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8wg3-5mcm-fjq8 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8wg3-5mcm-fjq8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-985f-72mj-8gf7 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-985f-72mj-8gf7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-9v8j-9c9g-w66c vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9v8j-9c9g-w66c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c226-q6fx-6j6c vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c226-q6fx-6j6c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c29c-2q9c-pc86 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c29c-2q9c-pc86"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-ccwh-wwpp-6wg5 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-ccwh-wwpp-6wg5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-chr9-m4q2-76hw vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cqwv-9qjx-vxw2 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cqwv-9qjx-vxw2"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cw4q-gqg5-g38h vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cw4q-gqg5-g38h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cwpp-5962-q4f6 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwpp-5962-q4f6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f397-5vjw-v2c2 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f397-5vjw-v2c2"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-fcvx-5cxc-v5p8 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-fq9j-vw4w-fr6v vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fq9j-vw4w-fr6v"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gp79-m99v-gjmh vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gp79-m99v-gjmh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-grc3-2j34-p6gm vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-grc3-2j34-p6gm"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gxg4-2rrr-jhc7 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gxg4-2rrr-jhc7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-hcm3-8f6r-6xwg vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hcm3-8f6r-6xwg"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-hw9r-h9mr-4jff vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hw9r-h9mr-4jff"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-jvm4-4j77-39p6 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jvm4-4j77-39p6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mgq6-vr84-7m2j vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mgq6-vr84-7m2j"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mhq8-78pj-5j79 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mhq8-78pj-5j79"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mpc8-jxjh-qpgh vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mpc8-jxjh-qpgh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p2fh-f5fc-44hr vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p2fh-f5fc-44hr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p39j-x9h5-q66m vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p39j-x9h5-q66m"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p73f-w79w-jqr5 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p73f-w79w-jqr5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-q7q8-3mgw-q67r vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q7q8-3mgw-q67r"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-q99w-vh6v-q3v7 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q99w-vh6v-q3v7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qh2f-99mv-mrcf vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qh2f-99mv-mrcf"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qjpc-qf9m-xwmr vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qjpc-qf9m-xwmr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rggc-m335-3wvj vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rggc-m335-3wvj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rj6p-xmxr-qj4h vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rj6p-xmxr-qj4h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rjxq-qqhf-8hwh vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rjxq-qqhf-8hwh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rwp6-7w3q-75fq vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rwp6-7w3q-75fq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rx78-29qr-5hq8 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rx78-29qr-5hq8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v2ww-5rh7-2h5v vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v2ww-5rh7-2h5v"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v6r2-jh58-xx6w vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6r2-jh58-xx6w"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v8cx-933x-r976 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8cx-933x-r976"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-vxx3-6hc9-7cc3 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vxx3-6hc9-7cc3"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w4v6-g3wm-w36c vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w4v6-g3wm-w36c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w5ww-7chg-mxcq vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w5ww-7chg-mxcq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w9hf-3pp7-pvxv vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9hf-3pp7-pvxv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-wc84-j36w-pw4x vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wc84-j36w-pw4x"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-wv26-j37q-2g7p vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wv26-j37q-2g7p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-x629-46cc-7xgw vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xww8-gqvh-92x9 vom 2026-05-28",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xww8-gqvh-92x9"
}
],
"source_lang": "en-US",
"title": "OpenClaw: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T08:39:59.506+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1738",
"initial_release_date": "2026-05-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: CVE-2026-35673, GHSA-7339-549C-W53J, CVE-2026-32906, EUVD-2026-33333, CVE-2026-34507, EUVD-2026-33334, CVE-2026-35630, EUVD-2026-33335, CVE-2026-35674, GHSA-9WCX-Q3FH-QG43, EUVD-2026-33337, EUVD-2026-33336"
},
{
"date": "2026-06-11T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: CVE-2026-53818, EUVD-2026-36324, CVE-2026-53814, EUVD-2026-36320, CVE-2026-53815, EUVD-2026-36321, CVE-2026-53819, EUVD-2026-36325, CVE-2026-53817, EUVD-2026-36323, CVE-2026-53816, EUVD-2026-36322, CVE-2026-53810, EUVD-2026-36316, CVE-2026-53809, EUVD-2026-36315, CVE-2026-53808, EUVD-2026-36314, CVE-2026-53807, EUVD-2026-36313, CVE-2026-53806, EUVD-2026-36312, CVE-2026-53811, EUVD-2026-36317, CVE-2026-53812, EUVD-2026-36318, CVE-2026-53813, EUVD-2026-36319"
},
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: CVE-2026-53837, EUVD-2026-36625, CVE-2026-53834, EUVD-2026-36622, CVE-2026-53833, EUVD-2026-36621, CVE-2026-53832, EUVD-2026-36620, CVE-2026-53831, EUVD-2026-36619, CVE-2026-53823, EUVD-2026-36611, CVE-2026-53838, EUVD-2026-36626, CVE-2026-53822, EUVD-2026-36610, CVE-2026-53839, EUVD-2026-36627, CVE-2026-53821, EUVD-2026-36609, CVE-2026-53829, GHSA-92QJ-8G54-QMPH, CVE-2026-53825, EUVD-2026-36613, EUVD-2026-36617, CVE-2026-53828, EUVD-2026-36616, CVE-2026-53826, EUVD-2026-36614, CVE-2026-53827, EUVD-2026-36615, CVE-2026-53824, EUVD-2026-36612, CVE-2026-53820, EUVD-2026-36608, CVE-2026-53835, EUVD-2026-36623"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: CVE-2026-53858, EUVD-2026-37160, CVE-2026-53859, EUVD-2026-37161, CVE-2026-53860, EUVD-2026-37162, CVE-2026-53842, EUVD-2026-37144, CVE-2026-53852, EUVD-2026-37154, CVE-2026-53866, EUVD-2026-37168, CVE-2026-53847, EUVD-2026-37149, CVE-2026-53854, EUVD-2026-37156, CVE-2026-53850, EUVD-2026-37152, CVE-2026-53863, EUVD-2026-37165, GHSA-58WC-8WRV-XP9J, GHSA-4QGR-57JQ-93VH, CVE-2026-53861, EUVD-2026-37163, CVE-2026-53843, EUVD-2026-37145, CVE-2026-53848, EUVD-2026-37150, CVE-2026-53841, EUVD-2026-37143, CVE-2026-53853, EUVD-2026-37155, CVE-2026-53840, EUVD-2026-37142, CVE-2026-53865, EUVD-2026-37167, CVE-2026-53849, EUVD-2026-37151, CVE-2026-53862, EUVD-2026-37164, CVE-2026-53855, EUVD-2026-37157, CVE-2026-53846, EUVD-2026-37148, CVE-2026-53857, EUVD-2026-37159, CVE-2026-53856, EUVD-2026-37158, CVE-2026-53864, EUVD-2026-37166, CVE-2026-53851, EUVD-2026-37153, CVE-2026-53844, EUVD-2026-37146, CVE-2026-53845, EUVD-2026-37147"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source OpenClaw",
"product": {
"name": "Open Source OpenClaw",
"product_id": "T051276",
"product_identification_helper": {
"cpe": "cpe:/a:openclaw:openclaw:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32906",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-32906"
},
{
"cve": "CVE-2026-34507",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-34507"
},
{
"cve": "CVE-2026-35630",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-35630"
},
{
"cve": "CVE-2026-35673",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-35673"
},
{
"cve": "CVE-2026-35674",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-35674"
},
{
"cve": "CVE-2026-53806",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53806"
},
{
"cve": "CVE-2026-53807",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53807"
},
{
"cve": "CVE-2026-53808",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53808"
},
{
"cve": "CVE-2026-53809",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53809"
},
{
"cve": "CVE-2026-53810",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53810"
},
{
"cve": "CVE-2026-53811",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53811"
},
{
"cve": "CVE-2026-53812",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53812"
},
{
"cve": "CVE-2026-53813",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53813"
},
{
"cve": "CVE-2026-53814",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53814"
},
{
"cve": "CVE-2026-53815",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53815"
},
{
"cve": "CVE-2026-53816",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53816"
},
{
"cve": "CVE-2026-53817",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53817"
},
{
"cve": "CVE-2026-53818",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53818"
},
{
"cve": "CVE-2026-53819",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53819"
},
{
"cve": "CVE-2026-53820",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53820"
},
{
"cve": "CVE-2026-53821",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53821"
},
{
"cve": "CVE-2026-53822",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53822"
},
{
"cve": "CVE-2026-53823",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53823"
},
{
"cve": "CVE-2026-53824",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53824"
},
{
"cve": "CVE-2026-53825",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53825"
},
{
"cve": "CVE-2026-53826",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53826"
},
{
"cve": "CVE-2026-53827",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53827"
},
{
"cve": "CVE-2026-53828",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53828"
},
{
"cve": "CVE-2026-53829",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53829"
},
{
"cve": "CVE-2026-53831",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53831"
},
{
"cve": "CVE-2026-53832",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53832"
},
{
"cve": "CVE-2026-53833",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53833"
},
{
"cve": "CVE-2026-53834",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53834"
},
{
"cve": "CVE-2026-53835",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53835"
},
{
"cve": "CVE-2026-53837",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53837"
},
{
"cve": "CVE-2026-53838",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53838"
},
{
"cve": "CVE-2026-53839",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53839"
},
{
"cve": "CVE-2026-53840",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53840"
},
{
"cve": "CVE-2026-53841",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53841"
},
{
"cve": "CVE-2026-53842",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53842"
},
{
"cve": "CVE-2026-53843",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53843"
},
{
"cve": "CVE-2026-53844",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53844"
},
{
"cve": "CVE-2026-53845",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53845"
},
{
"cve": "CVE-2026-53846",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53846"
},
{
"cve": "CVE-2026-53847",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53847"
},
{
"cve": "CVE-2026-53848",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53848"
},
{
"cve": "CVE-2026-53849",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53849"
},
{
"cve": "CVE-2026-53850",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53850"
},
{
"cve": "CVE-2026-53851",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53851"
},
{
"cve": "CVE-2026-53852",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53852"
},
{
"cve": "CVE-2026-53853",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53853"
},
{
"cve": "CVE-2026-53854",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53854"
},
{
"cve": "CVE-2026-53855",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53855"
},
{
"cve": "CVE-2026-53856",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53856"
},
{
"cve": "CVE-2026-53857",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53857"
},
{
"cve": "CVE-2026-53858",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53858"
},
{
"cve": "CVE-2026-53859",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53859"
},
{
"cve": "CVE-2026-53860",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53860"
},
{
"cve": "CVE-2026-53861",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53861"
},
{
"cve": "CVE-2026-53862",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53862"
},
{
"cve": "CVE-2026-53863",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53863"
},
{
"cve": "CVE-2026-53864",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53864"
},
{
"cve": "CVE-2026-53865",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53865"
},
{
"cve": "CVE-2026-53866",
"product_status": {
"known_affected": [
"T051276"
]
},
"release_date": "2026-05-28T22:00:00.000+00:00",
"title": "CVE-2026-53866"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.