Identity Header Forgery Vulnerability in OpenClaw by OpenClaw
CVE-2026-53832

7.4HIGH

Key Information:

Vendor

Openclaw

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-53832?

OpenClaw versions prior to 2026.5.18 are susceptible to an identity header validation vulnerability. This flaw allows local same-host attackers to manipulate trusted-proxy identity headers, which can lead to unauthorized privilege escalation. If an attacker gains access to the proxy-facing Gateway port, they can submit forged identity headers to impersonate authorized operators, potentially compromising system integrity and security.

Affected Version(s)

OpenClaw 0 < 2026.5.18

OpenClaw 2026.5.18

References

CVSS V4

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

cantinagen
Ellahi (@Ellahinator)
.