CVE Catalog

CVE-2026-53841

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

OpenClaw before version 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content.

Risk Assessment

Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.

Recommendation

It is recommended to update OpenClaw to version 2026.5.12 or later to mitigate this vulnerability.

Original NVD description (English source)

OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS