CVE-2026-53827
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
OpenClaw before version 2026.5.2 contains a credential exposure vulnerability in message.action forwarding, allowing action payloads with Gateway credentials to be forwarded to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.
Risk Assessment
Organizations may be exposed to the interception of sensitive data, such as Gateway tokens, which could lead to unauthorized access to systems and data. Credential exposure can result in serious security implications.
Recommendation
It is recommended to update OpenClaw to version 2026.5.2 or later to mitigate this vulnerability. Additionally, monitoring and restricting access to action metadata should be implemented to minimize risk.
Original NVD description (English source)
OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.

