Privilege escalation in Openclaw
CVE-2026-53862
OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing a…
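The failure mode the description names (a pending bootstrap token presented again with broader requested scopes, then honoured once the operator approves) is easiest to see side by side with the fix. The following is an added, hypothetical model written for this page; it is not OpenClaw's code, and every name in it (PairingBroker variants, PendingRequest, scope strings) is invented for illustration. The hardened variant binds the scope set at issuance, refuses any re-presentation with a different set, and makes redemption single-use.

```python
"""Illustrative model of a bootstrap-token pairing flow: a vulnerable broker whose
pending tokens can be re-presented with broader scopes, beside a hardened broker
that binds the scope set at issuance. Hypothetical code, not OpenClaw's."""
import secrets
from dataclasses import dataclass


class PairingError(Exception):
    pass


@dataclass
class PendingRequest:
    token: str
    scopes: frozenset       # scopes the caller asked for when the token was issued
    approved: bool = False  # set by the operator after reviewing `scopes`
    consumed: bool = False  # hardened broker: a token may be redeemed only once


class VulnerableBroker:
    """Replay bug: a pending token can be presented again with new scopes and the
    broker overwrites the request, so the operator's approval grants the broader set."""

    def __init__(self):
        self._requests = {}

    def request(self, scopes):
        token = secrets.token_urlsafe(16)
        self._requests[token] = PendingRequest(token, frozenset(scopes))
        return token

    def present(self, token, scopes):
        rec = self._requests.get(token)
        if rec is None:
            raise PairingError("unknown token")
        rec.scopes = frozenset(scopes)  # BUG: trusts re-requested scopes before approval
        return rec.scopes

    def approve(self, token):
        self._requests[token].approved = True

    def redeem(self, token):
        rec = self._requests[token]
        if not rec.approved:
            raise PairingError("not approved")
        return rec.scopes


class HardenedBroker(VulnerableBroker):
    """Scopes are fixed at issuance, re-presentation with a different set is refused,
    approval covers exactly what the operator saw, and redemption is single-use."""

    def present(self, token, scopes):
        rec = self._requests.get(token)
        if rec is None:
            raise PairingError("unknown token")
        if frozenset(scopes) != rec.scopes:
            raise PairingError("scope mismatch: token is bound to the scopes requested at issuance")
        return rec.scopes

    def redeem(self, token):
        rec = self._requests[token]
        if not rec.approved:
            raise PairingError("not approved")
        if rec.consumed:
            raise PairingError("token already redeemed")
        rec.consumed = True
        return rec.scopes


def run_replay(broker):
    """Attacker asks for a narrow scope, replays the pending token with a broader one,
    then the operator approves. Returns (replay outcome, scopes actually granted)."""
    token = broker.request({"read"})
    try:
        broker.present(token, {"read", "admin"})  # the replay with broader scopes
    except PairingError as e:
        replay = str(e)
    else:
        replay = "accepted"
    broker.approve(token)  # operator believes they approved {"read"}
    return replay, broker.redeem(token)


def second_redeem_rejected(broker):
    """True if the broker refuses to hand out scopes for an already-redeemed token."""
    token = broker.request({"read"})
    broker.approve(token)
    broker.redeem(token)
    try:
        broker.redeem(token)
    except PairingError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", run_replay(VulnerableBroker()))
    print("hardened:  ", run_replay(HardenedBroker()))
```

The property worth checking in a real pairing flow is the one `HardenedBroker.present` enforces: whatever the operator approves must be exactly the scope set captured when the token was minted, so a later request carrying the same token cannot widen it. Single-use redemption closes the remaining replay window after approval.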
CVSS v3 metric
CVSS v3 base score 4.2 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N.
Affected products
- Openclaw — all versions before 2026.5.12 (fixed in 2026.5.12)
Weakness classification (CWE)
- CWE-266: Incorrect Privilege Assignment
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-53862?
- CVE-2026-53862 is a medium-severity vulnerability in Openclaw, classified under Incorrect Privilege Assignment. CVSS score: 4.2/10. Published 2026-06-16.
- How severe is CVE-2026-53862?
- Medium severity. CVSS v3 base score is 4.2 out of 10.