Locality Validation Vulnerability in OpenClaw Control UI by OpenClaw
CVE-2026-53817
8.7HIGH
What is CVE-2026-53817?
OpenClaw versions prior to 2026.5.22 are vulnerable to a locality validation flaw in their Control UI pairing process, which allows attackers with network access to spoof locality information. This exploitation can lead to the acquisition of durable administrative device tokens. By circumventing the locality-derived trust validation, hackers can transform temporary shared access into persistent administrative credentials that withstand token rotations, posing a serious security risk.
Affected Version(s)
OpenClaw 0 < 2026.5.22
OpenClaw 2026.5.22
