CVE Catalog

CVE-2026-53852

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

OpenClaw before version 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests.

Risk Assessment

Attackers can exploit this vulnerability by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access.

Recommendation

It is recommended to update OpenClaw to version 2026.4.25 or later to mitigate this vulnerability and to implement additional verification mechanisms for re-pairing requests.

Original NVD description (English source)

OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS