OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions
CVE-2026-53812

4.9MEDIUM

Key Information:

Vendor: Openclaw
Status: Openclaw
Vendor: CVE Published:; 11 June 2026

What is CVE-2026-53812?

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered redirects and subsequently read restricted page content using browser evaluation capabilities.

Affected Version(s)

OpenClaw 0 < 2026.5.18

OpenClaw 2026.5.18

References

https://github.com/openclaw/openclaw/security/advisories/...

vendor-advisorypatch

https://www.vulncheck.com/advisories/openclaw-private-net...

third-party-advisory

CVSS V4

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

cantinagen

Ellahi (@Ellahinator)

CVE-2026-53812 Data

JSON

Openclaw

What is CVE-2026-53812?

Affected Version(s)

References

CVSS V4

Timeline

Credit