CVE-2026-53841

Summary

OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.5.12affected
OpenClawOpenClaw2026.5.12unaffected

Weaknesses

  • CWE-83: Improper Neutralization of Script in Attributes in a Web Page

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References