Description
OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.
Published: 2026-06-16
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.5.12 suffer a bootstrap token replay flaw. A caller that owns a pending bootstrap token can replay the same token with a different, broader scope before the server approves it. This allows the attacker to gain pairing authority that exceeds the limits originally intended for that token, effectively elevating privileges. The vulnerability is mapped to credential management and replay weaknesses (CWE‑266 and CWE‑345).

Affected Systems

The affected product is OpenClaw, open‑source platform for secure pairing, in all releases before 2026.5.12. No other version or build information is supplied beyond the stated cutoff.

Risk and Exploitability

The flaw carries a CVSS score of 2.3, classifying it as low severity, and its EPSS score is under 1 %, indicating a very low likelihood of exploitation. It is not listed in the CISA KEV catalog. Exploitation requires possession of a pending bootstrap token; the attacker can replay that token before approval to widen the requested scope. The attack vector appears to be internal or local to the system that issues bootstrap tokens, as the advisory does not describe remote access requirements. Because the exploit relies on manipulating token data, it is likely limited to parties with access to the token issuance or transmission process.

Generated by OpenCVE AI on June 17, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.12 or newer.
  • Ensure that any pending bootstrap tokens cannot be replayed with expanded scopes; modify the token validation logic to reject such attempts.
  • If upgrading is not immediately possible, monitor token activity and enforce that bootstrap tokens are only accepted after explicit approval.

Generated by OpenCVE AI on June 17, 2026 at 19:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9v8j-9c9g-w66c OpenClaw: Bootstrap token replay could widen pending pairing scopes
History

Tue, 16 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.
Title OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-266
CWE-345
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-16T18:36:00.802Z

Reserved: 2026-06-10T21:22:34.480Z

Link: CVE-2026-53862

cve-icon Vulnrichment

Updated: 2026-06-16T18:35:56.524Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:17:04.160

Modified: 2026-06-16T20:42:46.200

Link: CVE-2026-53862

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T19:30:11Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-345

    Insufficient Verification of Data Authenticity