CVE-2026-53839

Summary

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoints.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.5.7affected
OpenClawOpenClaw2026.5.7unaffected

Weaknesses

  • CWE-1023: Incomplete Comparison with Missing Factors

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References