Description
OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.
Published: 2026-06-12
Score: 6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before 2026.5.2 lets model-controlled metadata in message.action forwarding choose where a forwarded action payload is sent. Because that payload carries Gateway credentials, an attacker who can steer the model's output (for example, through injected content the model processes) can point the forward at a loopback URL they control and receive the Gateway token together with the payload contents. The CVSS vectors attached to the record describe a network-reachable issue requiring low privileges (PR:L) and no user interaction, with a high confidentiality impact and no integrity or availability impact; a captured Gateway token can then be reused to act against the Gateway service.

Affected Systems

The affected product is OpenClaw; all installations running a version earlier than 2026.5.2 are vulnerable. No additional vendor or product variants are listed.

Risk and Exploitability

The CVSS v4.0 base score is 6.0 (v3.1: 6.5), Medium. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The vectors give a network attack vector, low complexity, low privileges, no user interaction and a high confidentiality impact only; v4.0 additionally marks attack requirements as present (AT:P), consistent with the attacker having to get a malicious loopback target into the model's action metadata rather than supplying the URL directly. The weakness is classed as CWE-918 (Server-Side Request Forgery): the server issues a request to a destination chosen by untrusted input, here the model's metadata. The version bound in the description implies that 2026.5.2 is the fixed release, although no vendor advisory reference is attached to the record, so the primary risk is to deployments that remain on earlier versions.

Generated by OpenCVE AI on June 12, 2026 at 23:25 UTC.

Remediation

No vendor advisory or workaround is linked from the record; the description's version bound identifies 2026.5.2 as the first unaffected release.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.5.2 or later, which removes the credential exposure in message.action forwarding.
  • If an update is not immediately possible, stop model-controlled metadata from selecting the forwarding destination: pin message.action forwards to a server-configured Gateway endpoint (an allowlist of exact URLs), and keep the Gateway token out of the forwarded body where the protocol allows. Note that an "internal endpoints only" rule or an IP-range restriction does not help here, because the malicious targets in this issue are loopback addresses on the same host.
  • Log every message.action forward with its resolved destination, alert when a forward targets a loopback address or port that is not the configured Gateway endpoint, and rotate the Gateway token if such a forward is observed.

Generated by OpenCVE AI on June 12, 2026 at 23:25 UTC.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 22:15:00 +0000

Values added (no values removed):
  • Description: OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.
  • Title: OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding
  • First time appeared: Openclaw (openclaw)
  • Weaknesses: CWE-918
  • CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  • Vendors & Products: Openclaw (openclaw)
  • References: none
  • Metrics: cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-12T21:56:53.620Z

Reserved: 2026-06-10T21:16:58.211Z

Link: CVE-2026-53827

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-12T22:16:54.060

Modified: 2026-06-12T22:16:54.060

Link: CVE-2026-53827

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T23:45:26Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)