CVE Catalog

CVE-2026-53859

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

OpenClaw before version 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs.

Risk Assessment

Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

Recommendation

It is recommended to update OpenClaw to version 2026.5.26 or later to mitigate this vulnerability and review hostname policies to ensure their effectiveness.

Original NVD description (English source)

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS