Description
OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs.
Published: 2026-06-12
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker controlling a WebSocket client to declare operator scopes that are not yet bound to the server’s trusted‑proxy authorization baseline. Because the server does not verify that the declared scope matches an approved pairing, clients that are unpaired or otherwise restricted can gain cached administrator authority. This permits execution of privileged gateway RPC calls that should be limited to system administrators.

Affected Systems

Affected vendors and products include OpenClaw OpenClaw. Versions older than 2026.5.18 are vulnerable. No specific patch level is listed beyond the upgrade to 2026.5.18 or newer.

Risk and Exploitability

The CVSS score of 8.7 indicates a high‑severity privilege escalation risk. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, so current exploitation activity is unknown. The likely attack path requires an attacker to establish a WebSocket connection to the trusted‑proxy Control UI and supply an operator scope that whispers admin privileges. If conditions are met, the attacker can invoke administrative RPCs over the live connection.

Generated by OpenCVE AI on June 12, 2026 at 23:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.18 or later.
  • Restrict WebSocket connections to verified trusted‑proxy clients and prevent unpaired users from declaring operator scopes.
  • Review existing WebSocket clients for unauthorized operator scope declarations and remove any that grant administrator privileges.

Generated by OpenCVE AI on June 12, 2026 at 23:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs.
Title OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-862
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-12T21:56:49.563Z

Reserved: 2026-06-10T21:16:07.495Z

Link: CVE-2026-53821

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-12T22:16:53.173

Modified: 2026-06-12T22:16:53.173

Link: CVE-2026-53821

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-13T02:30:06Z

Weaknesses