VYPR
Medium severity 6.5 · NVD Advisory · Published Jun 12, 2026

CVE-2026-53839

Description

OpenClaw before 2026.5.7 validates retry endpoint hostnames by prefix matching, allowing an attacker to send authentication material to untrusted endpoints.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

OpenClaw versions before 2026.5.7 contain a hostname validation vulnerability in the retry endpoint checks. The validation logic incorrectly matches hostname prefixes instead of requiring exact hostname matches [1][2]. This affects the trusted retry endpoint feature, which is enabled by default in configurations that use retry logic.

Exploitation

An attacker with lower-trust input access (e.g., an authenticated Gateway operator or a plugin that can influence retry endpoint URLs) can craft a hostname prefix that resembles a trusted host. For example, a prefix like trusted-host.example.com.evil.com would pass validation if the trusted host is trusted-host.example.com [1]. No user interaction beyond the attacker's initial access is required, and the exploit does not require network position outside the Gateway's environment.

Impact

Successful exploitation allows the attacker to redirect authentication material — such as API tokens or session credentials — to an endpoint under their control, outside the intended trust boundary [1]. This leads to unauthorized credential disclosure (confidentiality breach) and potentially further compromise of the OpenClaw Gateway or connected services, depending on the exposed material. The compromise scope is limited to the affected feature and configuration, and does not bypass OpenClaw's broader trusted-operator model [1].

Mitigation

The first stable patched version is 2026.5.7, released on an undisclosed date prior to the advisory publication [1]. Operators unable to update immediately should pin retry endpoints to exact trusted origins, narrow channel and tool allowlists, avoid sharing a Gateway between mutually untrusted users, and disable the affected feature when it is not needed [1]. No workaround fully replaces the patch, but these mitigations reduce risk until an update can be applied.
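As an added illustration (not OpenClaw's own code and not taken from the advisory), the prefix-style hostname check described above is shown beside an exact-origin check of the kind the mitigation asks for; the function names, the trusted-origin list and the sample URLs are assumptions made for this example.

```typescript
// Added example, not OpenClaw's code. The allowlist, function names and URLs
// below are constructed for illustration only.

// Constructed allowlist of trusted retry endpoints, expressed as origins
// (scheme + host + port).
const TRUSTED_RETRY_ORIGINS: string[] = ["https://trusted-host.example.com"];

function hostnameOf(endpoint: string): string | null {
  try {
    return new URL(endpoint).hostname.toLowerCase();
  } catch {
    return null; // unparsable URL: never trusted
  }
}

// Vulnerable pattern, as the advisory describes it: the hostname is accepted
// when it merely starts with a trusted hostname, so
// "trusted-host.example.com.evil.com" passes for "trusted-host.example.com".
function isTrustedByPrefix(endpoint: string): boolean {
  const host = hostnameOf(endpoint);
  if (host === null) return false;
  return TRUSTED_RETRY_ORIGINS.some((o) => host.startsWith(new URL(o).hostname));
}

// Hardened check: compare the whole origin (scheme, host, port) for equality.
// This is what "pin retry endpoints to exact trusted origins" amounts to; it
// also rejects an http:// downgrade and an unparsable URL. URL.origin
// lower-cases the host and drops a default port, so no manual normalisation
// is needed.
function isTrustedByExactOrigin(endpoint: string): boolean {
  let origin: string;
  try {
    origin = new URL(endpoint).origin;
  } catch {
    return false;
  }
  return TRUSTED_RETRY_ORIGINS.some((o) => new URL(o).origin === origin);
}
```

Running both checks against the advisory's look-alike host shows the prefix check accepting it while the exact-origin check rejects it.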

References

[1] GitHub Advisory GHSA-77q5-rr5v-x43q
[2] VulnCheck Advisory

AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • OpenClaw/Openclaw (inferred), 2 versions: <2026.5.7 (+1 more)
    • (no CPE) range: <2026.5.7
    • (no CPE) range: <2026.5.7

Patches

1 patch

eeef4864494f

test(release): align stable onboarding npm prompt

https://github.com/OpenClaw/OpenClaw · Peter Steinberger · May 7, 2026 · Fixed in 2026.5.7 via release-tag
1 file changed · +1 -1
  • src/commands/onboarding-plugin-install.test.ts (+1 -1, modified)
    @@ -317,7 +317,7 @@ describe("ensureOnboardingPluginInstalled", () => {
         });
     
         expect(captured?.options).toEqual([
    -      { value: "npm", label: "Download from npm (@demo/plugin@beta)" },
    +      { value: "npm", label: "Download from npm (@demo/plugin)" },
           { value: "skip", label: "Skip for now" },
         ]);
         expect(captured?.initialValue).toBe("npm");
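Review bot: the only change in this hunk is the expected prompt label in the test, from "Download from npm (@demo/plugin@beta)" to "Download from npm (@demo/plugin)", with no accompanying change to the production code that builds the option list, so either that code was changed in a separate commit or this expectation was previously out of sync with it; the hunk also touches nothing related to retry endpoint hostname validation, which is consistent with the commit being linked to this advisory via the release tag rather than as the fixing change.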
    
