Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVE-2026-53843 · CVSS 8.8 · EXPLOITED · PATCHED
Vendor: openclaw · Product: openclaw

OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session

Description

OpenClaw before 2026.5.26 contains an authorization bypass: a pairing-scoped device session that survives node token revocation can be used to re-establish node token authority. An attacker holding a paired device can therefore regain WebSocket node-level access after the node's token has been revoked, without renewed operator approval, so revocation does not actually terminate access and unauthorized access persists longer than intended.
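
The sequence the description outlines (pair, obtain a node token, have it revoked, then mint a fresh token from the still-valid device session), as an added toy model. This is not OpenClaw's code and the hardened branch is one plausible mitigation, not necessarily what the 2026.5.26 patch does; every name here (Gateway, pairDevice, issueNodeToken, revokeNodeToken, authorizeNode, runScenario) is invented for the illustration.

```javascript
// Added illustration, not OpenClaw's code: a toy gateway that models the
// revocation-bypass class described in the advisory. All names are invented.
let seq = 0;
const newId = (prefix) => `${prefix}-${++seq}`; // toy ids, not real tokens

class Gateway {
  // hardened=false reproduces the flaw; hardened=true applies one possible
  // fix (an assumption, not necessarily how the real 2026.5.26 patch works).
  constructor({ hardened = false } = {}) {
    this.hardened = hardened;
    this.pairings = new Map();       // deviceId  -> { approved: bool }
    this.deviceSessions = new Map(); // sessionId -> { deviceId }
    this.nodeTokens = new Map();     // token     -> { deviceId, revoked: bool }
  }

  // Operator approves a device. The approval yields a pairing-scoped
  // device session that outlives any individual node token.
  pairDevice(deviceId) {
    this.pairings.set(deviceId, { approved: true });
    const sessionId = newId('sess');
    this.deviceSessions.set(sessionId, { deviceId });
    return sessionId;
  }

  // A device session is exchanged for a node token used on the WebSocket.
  // Note that this path only checks the pairing, never the token history.
  issueNodeToken(sessionId) {
    const session = this.deviceSessions.get(sessionId);
    if (!session) throw new Error('unknown device session');
    const pairing = this.pairings.get(session.deviceId);
    if (!pairing || !pairing.approved) throw new Error('device not approved');
    const token = newId('tok');
    this.nodeTokens.set(token, { deviceId: session.deviceId, revoked: false });
    return token;
  }

  // Operator revokes a node token.
  revokeNodeToken(token) {
    const rec = this.nodeTokens.get(token);
    if (!rec) return;
    rec.revoked = true;
    if (!this.hardened) return; // vulnerable: the device session survives
    // Hardened: revocation also withdraws the device's pairing approval and
    // drops every pairing-scoped session, so a new token needs fresh approval.
    this.pairings.set(rec.deviceId, { approved: false });
    for (const [sid, s] of this.deviceSessions) {
      if (s.deviceId === rec.deviceId) this.deviceSessions.delete(sid);
    }
  }

  // WebSocket-level check: only a known, unrevoked node token passes.
  authorizeNode(token) {
    const rec = this.nodeTokens.get(token);
    return Boolean(rec) && !rec.revoked;
  }
}

// Walk through the attack: pair, get a token, have it revoked, then use the
// surviving device session to mint a new token without renewed approval.
function runScenario(hardened) {
  const gw = new Gateway({ hardened });
  const session = gw.pairDevice('node-A');
  const token1 = gw.issueNodeToken(session);
  gw.revokeNodeToken(token1);
  const revokedTokenAccepted = gw.authorizeNode(token1); // false either way
  let regainedAccess = false;
  try {
    const token2 = gw.issueNodeToken(session);
    regainedAccess = gw.authorizeNode(token2);
  } catch (e) {
    regainedAccess = false; // hardened gateway refuses: session was torn down
  }
  return { revokedTokenAccepted, regainedAccess };
}
```

Calling runScenario(false) returns regainedAccess: true (the revoked token itself is rejected, but the device session re-establishes authority), while runScenario(true) returns regainedAccess: false. The practical check this suggests for any pairing-plus-token design is that revoking the derived credential must also invalidate, or force re-approval of, the longer-lived credential it was derived from.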

Affected Products

Vendor    Product   Versions
openclaw  openclaw  npm/openclaw: < 2026.5.26

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-q99w-vh6v-q3v7 (vendor advisory)
  • https://www.vulncheck.com/advisories/openclaw-node-token-revocation-bypass-via-pairing-scoped-device-session (third-party advisory)

Related News (1 article)

  • VulDB (Tier C, 11d ago): CVE-2026-53843 | OpenClaw up to 2026.5.25 session expiration (GHSA-q99w-vh6v-q3v7) → No new info (linked only)
CVSS 3.1: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV: No
Actively exploited: Yes
Patch available: openclaw@2026.5.26
CWE: CWE-284 (Improper Access Control), CWE-863 (Incorrect Authorization)
Published: Jun 16, 2026
Last enriched: 11d ago (v2)
Trending Score: 9
Source articles: 1
Independent: 1
Info Completeness: 8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

  • PRE-CVE · EXP · Emerging AI Supply Chain Threat in OpenClaw's Skill Marketplace (Trending: 26)
  • HIGH · CVE-2026-53866 · EXP · OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing (Trending: 9)
  • HIGH · CVE-2026-53865 · EXP · OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH (Trending: 9)
  • HIGH · CVE-2026-53853 · EXP · OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS (Trending: 9)
  • MEDIUM · CVE-2026-53851 · OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass (Trending: 8)


Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Jun 16, 2026: CVE Published
  • Jun 16, 2026: Discovered by ZDM
  • Jun 16, 2026: Updated severity, affectedVersions, activelyExploited
  • Jun 18, 2026: Actively Exploited
  • Jun 18, 2026: Patch Available

Version History

v2 (Tier C, 11d ago, via VulDB; fields changed: severity, affectedVersions, activelyExploited)
  Updated severity to CRITICAL, added affected version 2026.5.25, and noted that no exploit is available.

v1 (11d ago)
  Initial creation