Bootstrap Token Replay Vulnerability in OpenClaw by OpenClaw
CVE-2026-53862

2.3LOW

Key Information:

Vendor: Openclaw
Status: Openclaw
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-53862?

OpenClaw versions prior to 2026.5.12 are susceptible to a bootstrap token replay vulnerability. This flaw enables malicious actors to exploit pending token approvals, allowing them to reuse bootstrap tokens with wider requested scopes. As a result, attackers can gain unauthorized escalation of pairing authority, potentially leading to significant security breaches. It’s essential for users to update to the latest version to mitigate this vulnerability and secure their applications.

Affected Version(s)

OpenClaw 0 < 2026.5.12

OpenClaw 2026.5.12

References

https://github.com/openclaw/openclaw/security/advisories/...

vendor-advisory

https://www.vulncheck.com/advisories/openclaw-bootstrap-t...

third-party-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

Edward-x (@YLChen-007)

CVE-2026-53862 Data

JSON