CVE-2026-53841
Description
OpenClaw before 2026.5.12 has a stored XSS vulnerability in exported session HTML that preserves unsafe javascript: and data: links.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
OpenClaw versions before 2026.5.12 contain a stored cross-site scripting (XSS) vulnerability in the exported session HTML feature. When the feature is enabled, the exporter renders markdown links from the session into HTML anchors without checking the link target's scheme, so javascript: and data: URIs are copied into href attributes unchanged. An attacker who can get a crafted link into a session therefore ends up with a live link in the export; if a trusted operator opens the file in a browser and clicks it, the script runs in the operator's browser. The weakness is classified as CWE-83 (Improper Neutralization of Script in Attributes in a Web Page) [1][2].
Exploitation
The attacker first needs a crafted markdown link with a javascript: or data: target to land in a session that is later exported as HTML. No authentication is required, but the attacker does need a path for content into the session (for example a chat channel or other user-controlled input). The exported file must then be opened in a browser by a trusted operator, who must click the link. The attacker needs no further privileges; the attack turns on social engineering of the operator [1][2].
Impact
If successful, the attacker executes arbitrary JavaScript in the operator's browser when the exported HTML file is opened and the link is clicked. A javascript: link runs in the origin of the document that contains it, so what the script can reach depends on where the export is opened from: a file opened from disk runs under a file: origin, while an export served from the Gateway's own host would run with the Gateway's origin. Of the two schemes, javascript: is the more direct concern, since current mainstream browsers refuse content-initiated top-level navigation to data:text/html URLs. Possible outcomes include information disclosure, session hijacking, or further compromise depending on the operator's browser profile and privileges; the practical impact is bounded by the operator's configuration and the trust model of the OpenClaw Gateway [1][2].
Mitigation
The vulnerability is fixed in OpenClaw version 2026.5.12 [1]. Until patched, operators should avoid opening exported session HTML that may contain untrusted content in a privileged browser profile (one holding Gateway or other sensitive sessions). Further mitigations are to keep channel and tool allowlists narrow, not to share a Gateway between mutually untrusted users, and to disable the export feature when it is not needed [1]. No exploitation in the wild or KEV listing has been reported [2].
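The link-handling bug described under Vulnerability and Exploitation, the scheme allowlist that closes it, and a triage check for exports produced before the fix (the kind of check the Mitigation advice implies), as an added JavaScript example. This is illustrative code written for this page, not OpenClaw's own exporter or fix; every name in it (exportMarkdownUnsafe, exportMarkdownSafe, linkTargetIsSafe, findUnsafeHrefs, the sample session text) is an assumption.

```javascript
// Added example for this page, not OpenClaw's code. A toy markdown link
// exporter in the vulnerable shape the advisory describes, a hardened version
// that allowlists URL schemes, and a scanner for exports made before the fix.
// All names below are assumptions made for illustration.

// Minimal escaping for text nodes and double-quoted attribute values.
function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// [link text](target); the target may contain one level of balanced parens,
// as CommonMark allows, and whitespace, which the browser later strips.
const LINK_RE = /\[([^\]]*)\]\(((?:[^()]|\([^()]*\))+)\)/g;

// Vulnerable shape: the target is escaped so it cannot break out of the
// attribute, but its scheme is never checked, so javascript: and data:
// targets survive into the export as clickable links.
function exportMarkdownUnsafe(markdown) {
  return markdown.replace(LINK_RE, (_, text, target) =>
    `<a href="${escapeHtml(target)}">${escapeHtml(text)}</a>`);
}

// Hardened shape: parse the target with the same WHATWG URL parser the browser
// uses, allow a short list of schemes, and keep everything else as plain text.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const DUMMY_BASE = "https://export.invalid/"; // assumed base for relative links

function linkTargetIsSafe(target) {
  let url;
  try {
    url = new URL(target, DUMMY_BASE);
  } catch {
    return false; // unparseable target: do not emit a link for it
  }
  // The parser lowercases the scheme and drops leading/trailing whitespace and
  // embedded tabs/newlines, so "  JAVA\tscript:..." is seen as javascript:
  // here exactly as a browser would see it.
  return SAFE_SCHEMES.has(url.protocol);
}

function exportMarkdownSafe(markdown) {
  return markdown.replace(LINK_RE, (_, text, target) =>
    linkTargetIsSafe(target)
      ? `<a href="${escapeHtml(target)}">${escapeHtml(text)}</a>`
      : `<span class="defanged-link">${escapeHtml(text)}</span>`);
}

// Reverse of escapeHtml plus numeric references, applied to attribute values
// before URL parsing because that is what the browser does.
function decodeBasicEntities(s) {
  return s.replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
          .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
          .replace(/&quot;/g, '"').replace(/&lt;/g, "<").replace(/&gt;/g, ">")
          .replace(/&amp;/g, "&");
}

// Triage for exports produced before the fix: return every double-quoted href
// whose scheme is outside the allowlist. Regex-based so it runs without a DOM;
// single-quoted or unquoted hrefs are out of scope for this sketch.
function findUnsafeHrefs(html) {
  const HREF_RE = /<a\b[^>]*\bhref\s*=\s*"([^"]*)"/gi;
  const unsafe = [];
  for (const m of html.matchAll(HREF_RE)) {
    const target = decodeBasicEntities(m[1]);
    if (!linkTargetIsSafe(target)) unsafe.push(target);
  }
  return unsafe;
}

// Constructed sample session text, as an attacker might have typed into chat.
const SAMPLE_SESSION = [
  "See [the docs](https://example.com/docs).",
  "Click [here](javascript:alert(document.cookie)) for details.",
  "Or [this](data:text/html,<script>alert(1)</script>).",
  "Even [this](  JAVA\tscript:alert(1)) is the same link to a browser.",
].join("\n");

if (typeof require !== "undefined" && require.main === module) {
  console.log("--- unsafe export ---\n" + exportMarkdownUnsafe(SAMPLE_SESSION));
  console.log("--- safe export ---\n" + exportMarkdownSafe(SAMPLE_SESSION));
  console.log("unsafe hrefs in old export:", findUnsafeHrefs(exportMarkdownUnsafe(SAMPLE_SESSION)));
}
```

Two design points worth keeping from this sketch even if the real exporter is built on a full markdown library: decide on the scheme with the same URL parser the browser will use, rather than a hand-written prefix check that a leading space, a tab inside the word or mixed case can bypass; and defang rejected links to plain text instead of dropping them, so the operator still sees what the session contained. Relative and protocol-relative targets pass the allowlist here because they resolve against wherever the export is opened, which is a policy choice to revisit if exports are served from the Gateway host.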
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE: the mechanics analysis (root cause, attack vector, affected code, fix) is only generated when the actual fix diff can be read. Without it, those sections would be speculation rather than analysis.
References (2)
News mentions (0)
No linked articles in our index yet.