Openclaw · Openclaw · CVE-2026-53839
**Name of the Vulnerable Software and Affected Versions**
OpenClaw versions prior to 2026.5.7
**Description**
An issue exists in the retry endpoint checks where hostname validation allows matching hostname prefixes instead of requiring exact hostnames. This allows attackers to craft a hostname prefix that resembles a trusted host, potentially leading to the transmission of authentication material to untrusted endpoints.
**Recommendations**
Update to version 2026.5.7.