CVE-2026-53841
Cross-Site Scripting in OpenClaw Session Export

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: VulnCheck

Description
OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.
Affected Vendors & Products

Vendor     Product     Version / Range
openclaw   openclaw    up to 2026.5.12 (excluding)
CWE

CWE-83: The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
Executive Summary

CVE-2026-53841 is a cross-site scripting (XSS) vulnerability in OpenClaw versions before 2026.5.12. It occurs because exported session HTML files preserve unsafe javascript: and data: links in markdown content. When a trusted operator opens such an exported file and activates a malicious link, an attacker can execute arbitrary browser-side scripts.

This vulnerability is categorized under CWE-79 and CWE-83, which involve improper neutralization of input during web page generation, leading to XSS risks.

Impact Analysis

If exploited, this vulnerability allows attackers to execute arbitrary scripts in the browser of a trusted operator who opens a maliciously crafted exported session HTML file. This can lead to unauthorized actions performed in the context of the trusted user, potentially compromising sensitive data or system integrity.

The attack requires user interaction, specifically the trusted operator opening the exported file and activating the malicious link.

Mitigations include avoiding opening exported session HTML files from untrusted sources in privileged browser profiles and disabling the affected feature when not needed.

Detection Guidance

This vulnerability involves unsafe javascript: and data: links preserved in exported session HTML files generated by OpenClaw before version 2026.5.12.

Detection can focus on inspecting exported session HTML files for the presence of these unsafe links.

You can search for occurrences of "javascript:" or "data:" links within exported HTML files using commands like:

  • grep -iE 'javascript:|data:' /path/to/exported/session/files/*.html

Additionally, monitoring user activity for opening exported session HTML files and checking for suspicious links inside those files can help detect potential exploitation attempts.
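As an added example (not part of the VulnCheck record or of OpenClaw itself), the scanner below parses an exported HTML file and checks the scheme of navigable URL attributes the way a browser does: leading whitespace is stripped, embedded tabs and newlines are removed, HTML entities are decoded and the scheme is case-folded. It therefore catches spellings such as "  JaVaScRiPt:" or "java&#9;script:" that a plain grep misses, and it does not flag a plain-text mention of "data:" in the session body. The sample export is constructed for the example.

```python
import re
from html.parser import HTMLParser

# Attributes a browser navigates when the element is activated.
NAVIGABLE_ATTRS = {"href", "action", "formaction"}
# Schemes the CVE description names as preserved unsafely in exports.
UNSAFE_SCHEMES = {"javascript", "data"}
# C0 controls and space: the URL standard strips these from both ends.
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def url_scheme(raw):
    """Return the lower-cased scheme a browser would derive, or None."""
    url = raw.strip(C0_AND_SPACE)
    # ASCII tab and newline are removed anywhere in the URL before parsing.
    url = url.replace("\t", "").replace("\n", "").replace("\r", "")
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", url)
    return m.group(1).lower() if m else None


class UnsafeLinkFinder(HTMLParser):
    """Collect (line, tag, attribute, scheme, value) for unsafe navigable URLs."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True also decodes attribute entities
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None or name.lower() not in NAVIGABLE_ATTRS:
                continue
            scheme = url_scheme(value)
            if scheme in UNSAFE_SCHEMES:
                self.findings.append((self.getpos()[0], tag, name, scheme, value.strip()))


def find_unsafe_links(html_text):
    parser = UnsafeLinkFinder()
    parser.feed(html_text)
    parser.close()
    return parser.findings


# Constructed sample export: one benign link, three javascript: variants,
# one data: link, a data: image (not navigable) and a text-only mention.
SAMPLE_EXPORT = """<html><body>
<p>Session notes: the data: URI scheme is mentioned here only as text.</p>
<a href="https://example.invalid/docs">safe link</a>
<a href="javascript:void(0)">plain unsafe link</a>
<a href="  JaVaScRiPt:void(0)">leading whitespace, mixed case</a>
<a href="java&#9;script:void(0)">tab entity inside the scheme</a>
<a href="data:text/html;base64,AAAA">data link</a>
<img src="data:image/png;base64,iVBORw0KGgo=">
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, scheme, value in find_unsafe_links(SAMPLE_EXPORT):
        print(f"line {line}: <{tag} {attr}> uses {scheme}: -> {value!r}")
```

Running it on the sample reports four findings (lines 4 to 7 of the sample), which is the set a reviewer would need to look at before anyone opens the export in a privileged browser profile.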

Mitigation Strategies

To mitigate this vulnerability, upgrade OpenClaw to version 2026.5.12 or later, where the issue is patched.

If upgrading immediately is not possible, avoid opening exported session HTML files from untrusted sources, especially in privileged browser profiles.

Disabling the feature that exports session HTML files when not needed can also reduce risk.

Educate trusted operators to be cautious when opening exported session files and to avoid clicking on suspicious links.
