CVE-2026-53840

Vulnerability

OpenClaw versions before 2026.5.12 contain an information disclosure vulnerability in the streamable-http MCP server transport. When an MCP server is configured with custom headers (e.g., API keys, tenant-routing credentials) under mcp.servers.*.headers, and the server responds with a cross-origin redirect, those custom headers are forwarded to the redirect target. This affects deployments where transportType is set to "streamable-http" and custom headers are used. [1][2]

Exploitation

An attacker must control or compromise an MCP endpoint that is configured by the operator with custom headers. The attacker then causes the endpoint to issue an HTTP redirect to an attacker-controlled origin. The OpenClaw client automatically follows the redirect and forwards the custom headers to the new origin, exfiltrating the sensitive data. No user interaction is required beyond the initial server configuration. [1]

Impact

Successful exploitation exposes the configured custom headers to the attacker. These headers often contain sensitive credentials such as API keys or tenant-routing tokens. The scope of compromise depends on the privileges associated with the exposed credentials. This could lead to unauthorized access to downstream services or data if the credentials are reused. [1][2]

Mitigation

The issue is fixed in OpenClaw version 2026.5.12. Users should upgrade immediately. As a workaround, avoid using custom headers with untrusted MCP servers and rotate any credentials that may have been exposed. No KEV listing has been reported at this time. [1][2]