CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-53817

highCVSS 8covered by 1 sourcefirst seen 2026-07-02
Summary In affected LAN/shared-token Control UI deployments, a caller could spoof locality information used during Control UI pairing and obtain a durable admin-capable device token. This issue is limited to deployments where the caller already has the network/authentication foothold needed to reach the Control UI pairing path. It is not an unauthenticated internet exposure issue. Affected configurations This affects configurations such as LAN-bound gateways or shared-token Control UI access where locality signals were accepted as sufficient for pairing decisions. Impact A temporary or shared Control UI access path could be turned into a persistent admin device token. That token could remain useful after the shared gateway token was rotated, unless the paired device was removed. The issue is a pairing/locality validation problem: locality-derived trust was stronger than it should have been. Patched Versions The first stable patched version is 2026.5.22. Mitigations Upgrade to openclaw@2026.5.22 or later. For older deployments, remove unexpected paired devices and avoid exposing Control UI pairing paths on networks with untrusted clients.

⚡ Watch CVE-2026-53817

Get an email if CVE-2026-53817 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-53817

CVE.org record

Embed the live status

CVE-2026-53817 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-53817 status](https://www.csirts.com/badge/CVE-2026-53817)](https://www.csirts.com/cve/CVE-2026-53817)