CVE Catalog

CVE-2026-53839

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

OpenClaw before version 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoints.

Risk Assessment

Organizations may be exposed to unauthorized access to data, as attackers can impersonate trusted hosts. This increases the risk of information leakage and security breaches.

Recommendation

It is recommended to update OpenClaw to version 2026.5.7 or newer to mitigate this vulnerability. Additionally, conducting an audit of hostname configurations in the system is advisable.

Original NVD description (English source)

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoints.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS