CVE-2026-53862
Description
OpenClaw before 2026.5.12 allows bootstrap token replay, enabling attackers with pending token access to escalate pairing authority beyond intended scope.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
OpenClaw before version 2026.5.12 contains a bootstrap token replay vulnerability [1][2]. When the affected feature is enabled, a caller with access to a pending bootstrap token can reuse that token before approval with a broader requested scope set. This allows the caller to request more extensive pairing permissions than originally intended.
Exploitation
An attacker must have access to a pending bootstrap token, which could occur through network access or local user interaction. The attacker then replays the token with a broader requested scope before the approval process completes, effectively escalating the pairing authority. The CVSS vector indicates the attack complexity is high and requires user interaction ([2]).
Impact
Successful exploitation lets the attacker present, or retain, pending pairing authority broader than intended, potentially leading to unauthorized pairing operations. The impact is limited to confidentiality and integrity at a low level, with no availability impact ([2]). Practical impact depends on the operator's configuration and whether lower-trust input can reach the affected path.
Mitigation
The vulnerability is fixed in OpenClaw version 2026.5.12 [1]. As a workaround, treat pairing codes as sensitive and cancel unexpected pending pairings until patched. Additional mitigations include keeping channel and tool allowlists narrow, avoiding sharing a Gateway between mutually untrusted users, and disabling the affected feature when not needed [1].
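The replay described above, modelled as an added example rather than OpenClaw's own code: a hypothetical pending-pairing registry that binds the scope set to the bootstrap token at issuance, shown in a replay-prone form beside a hardened form that refuses to widen a pending token and cancels the pairing instead (matching the workaround of cancelling unexpected pending pairings). Scope names are constructed placeholders.

```python
import secrets
from dataclasses import dataclass

# Constructed placeholder scope names; OpenClaw's real scope set is not on the page.
ALL_SCOPES = frozenset({"chat", "tools", "admin"})


@dataclass
class PendingPairing:
    scopes: frozenset        # scope set bound when the token was issued


class PairingRegistry:
    """Hypothetical registry of pending bootstrap tokens (not OpenClaw code)."""
    def __init__(self):
        self._pending = {}   # token -> PendingPairing

    def request(self, scopes):
        """Issue a pending bootstrap token for the requested scope set."""
        scopes = frozenset(scopes)
        if not scopes <= ALL_SCOPES:
            raise ValueError("unknown scope requested")
        token = secrets.token_urlsafe(16)
        self._pending[token] = PendingPairing(scopes)
        return token

    def present_vulnerable(self, token, scopes):
        """Replay-prone pattern: re-presenting the pending token simply
        overwrites its scope with whatever the caller now asks for."""
        entry = self._pending[token]
        entry.scopes = frozenset(scopes)      # widens pending authority
        return entry.scopes

    def present_hardened(self, token, scopes):
        """Replay-safe pattern: a re-presented pending token may only keep
        or narrow its scope; a wider request cancels the pending pairing."""
        entry = self._pending.get(token)
        if entry is None:
            raise PermissionError("no pending pairing for this token")
        requested = frozenset(scopes)
        if not requested <= entry.scopes:
            del self._pending[token]          # unexpected request: cancel it
            raise PermissionError("scope exceeds the set bound at issuance")
        entry.scopes = requested
        return entry.scopes

    def approve(self, token):
        """Operator approval consumes the entry and returns its bound scope."""
        return self._pending.pop(token).scopes
```

Once cancelled, the token is unknown to the registry, so a later attempt with the original narrow scope is also refused; the caller has to start a fresh pairing request the operator can see.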
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE. The mechanics section is only generated when we can read the actual fix diff; without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 2
News mentions: 0
No linked articles in our index yet.