PT-2026-49042 · Openclaw · Openclaw
Edward-X · Published 2026-06-12 · Updated 2026-06-12
CVE-2026-53838
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.5.27
Description
A state mutation issue exists in the node pairing reconnection process. Paired nodes can confuse approval scope decisions: an attacker can exploit the reconnection logic to restore or present broader node authority than intended, which can lead to a bypass of approval restrictions.
Recommendations
Update to version 2026.5.27.
Fix
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw