CVE-2026-53852
Status: Received (Intake)
Scope Bypass in OpenClaw via Empty-Scope Re-Pairing

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: VulnCheck

Description
OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access.
Affected Vendors & Products (1 associated CPE)
Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.4.25 (2026.4.25 itself is not affected)
Weakness
CWE-636 (Not Failing Securely, "Failing Open"): When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions. Here the unexpected input is a re-pairing request that names no scopes, and the insecure fallback is the broader scope set the device held before.
AI-Generated Analysis
Executive Summary

CVE-2026-53852 is a scope containment bypass in OpenClaw versions before 2026.4.25. It sits in device re-pairing: when an authenticated operator submits a re-pairing request whose scope set is empty, the request skips the containment guard that would otherwise bound the re-paired scopes, and the device is left with broader scopes than the re-pairing was meant to allow.

The flaw is confined to the device re-pairing path and is a failing-open fallback (CWE-636): an empty requested scope set is never checked against the containment bound, so the broader scopes the device previously held are restored or retained. It requires an authenticated operator, so it does not by itself break the trusted-operator model, but it is exploitable wherever re-pairing is enabled and reachable by an operator who should be held to a narrower scope.
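The failing-open pattern described above, modelled as an added example. This is not OpenClaw code: the device record, the "allowed" bound (the scopes an operator may currently grant), the field names and the function names are assumptions made for illustration, and the real re-pairing path may differ in detail. The point it shows is why the check must run on the effective scope set rather than only when the request happens to name scopes.

```python
"""Model of the empty-scope re-pairing flaw described for CVE-2026-53852.

Added example, not OpenClaw code. The device record, the 'allowed' bound
(the scopes an operator may currently grant) and the function names are
assumptions for illustration; the real re-pairing path is not shown here.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class PairedDevice:
    device_id: str
    scopes: frozenset[str]  # scopes the device currently holds


class ScopeContainmentError(Exception):
    """Raised when a re-pairing would leave the device with scopes outside 'allowed'."""


def repair_vulnerable(device: PairedDevice, requested: set[str],
                      allowed: set[str]) -> PairedDevice:
    """Flawed guard (CWE-636 pattern).

    The containment check only runs when the request names scopes.  An empty
    request is treated as "keep what the device had" and that fallback is
    never checked, so scopes broader than 'allowed' come back untouched.
    """
    if requested and not requested <= allowed:
        raise ScopeContainmentError(f"requested {sorted(requested - allowed)} not allowed")
    effective = frozenset(requested) if requested else device.scopes  # unchecked fallback
    return PairedDevice(device.device_id, effective)


def repair_fixed(device: PairedDevice, requested: set[str],
                 allowed: set[str]) -> PairedDevice:
    """Hardened guard: resolve the effective scope set first, then apply
    containment to it unconditionally.  No input shape skips the check, and
    an empty request can only keep scopes that are still within 'allowed'.
    (Rejecting empty requests outright is the stricter alternative.)
    """
    effective = frozenset(requested) if requested else device.scopes
    if not effective <= allowed:
        raise ScopeContainmentError(f"effective {sorted(effective - allowed)} not allowed")
    return PairedDevice(device.device_id, effective)


def demo() -> dict[str, object]:
    """Constructed scenario: a device was paired with broad scopes, and the
    operator's allowed bound was later narrowed to read-only."""
    dev = PairedDevice("dev-01", frozenset({"read", "write", "admin"}))
    allowed = {"read"}
    out: dict[str, object] = {}

    # An honest narrowing request is accepted by both guards.
    out["narrow"] = set(repair_vulnerable(dev, {"read"}, allowed).scopes)

    # Asking for broad scopes explicitly is caught even by the vulnerable guard.
    try:
        repair_vulnerable(dev, {"read", "admin"}, allowed)
        out["explicit_vuln"] = "granted"
    except ScopeContainmentError:
        out["explicit_vuln"] = "rejected"

    # The bypass: an empty request restores all of the old, broader scopes.
    out["empty_vuln"] = set(repair_vulnerable(dev, set(), allowed).scopes)

    # The fixed guard checks the effective set and refuses.
    try:
        repair_fixed(dev, set(), allowed)
        out["empty_fixed"] = "granted"
    except ScopeContainmentError:
        out["empty_fixed"] = "rejected"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The difference between the two guards is a single ordering decision: the vulnerable version decides what to grant after it has decided whether to check, the fixed version checks whatever it is about to grant. Any "no scopes given" convenience path that bypasses the check reintroduces the bug, whichever default it falls back to.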

Impact Analysis

An authenticated operator can use this to defeat scope restrictions that were supposed to take effect at re-pairing: instead of coming out of re-pairing with a narrowed scope set, the device keeps or regains its broader one, and access that should have been withdrawn persists.

The practical impact depends on the deployment: who holds operator credentials, whether re-pairing is exposed to them, and whether lower-trust input can reach the vulnerable re-pairing path. Where it can, the result is device access broader than the operator's intended scope.

Mitigations include revoking unexpected device sessions, requiring fresh pairing for suspicious devices, keeping allowlists narrow, not sharing a Gateway between untrusted users, and disabling re-pairing if it is not needed.

Detection Guidance

The signal to look for is a device re-pairing request whose scope set is empty: that is the input shape that skips the containment guard, so on a version before 2026.4.25 any such request should be treated as a possible bypass attempt, and one that nevertheless left the device with non-empty scopes as a likely one.

Because the flaw is specific to device re-pairing, the audit trail of that feature is the best source: inspect re-pairing logs, or the request traffic itself, for requests with an empty or missing scope parameter.

No specific commands are provided in the available resources, but general approaches include:

  • Review OpenClaw device re-pairing logs for entries where the requested scope set is empty, and compare the scopes granted afterwards with what the operator was allowed to grant.
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to capture re-pairing requests and filter for empty scope fields. This only works where the traffic is visible in the clear; if the Gateway is reached over TLS, capture at a point where it is decrypted (such as a TLS-terminating reverse proxy in front of it, if one exists) or rely on application logs instead.
  • Audit authenticated operator actions around device re-pairing and flag operators who submit empty-scope requests repeatedly, or whose devices end up with scopes broader than their current allowlist.
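The log review described in the first and third bullets, as an added example that is not an OpenClaw tool. The JSON-lines format, its field names (event, operator, device_id, requested_scopes, granted_scopes) and the sample records are constructed for illustration; real OpenClaw logs may use different names and need to be mapped onto these before the scan is useful.

```python
"""Scan re-pairing audit records for empty-scope requests (CVE-2026-53852).

Added example, not an OpenClaw tool.  The JSON-lines format below, with
'event', 'operator', 'device_id', 'requested_scopes' and 'granted_scopes'
fields, is constructed for illustration; map your real log's field names
onto these before use.
"""
from __future__ import annotations

import json
from collections import Counter
from typing import Iterator

# Constructed sample log: one honest narrowing, an ordinary pairing, a
# malformed line, and two empty-scope re-pairings by the same operator
# (one with the field empty, one with the field missing entirely).
SAMPLE_LOG = """\
{"ts":"2026-06-10T09:12:01Z","event":"device.repair","operator":"alice","device_id":"dev-01","requested_scopes":["read"],"granted_scopes":["read"]}
{"ts":"2026-06-10T09:15:44Z","event":"device.repair","operator":"bob","device_id":"dev-07","requested_scopes":[],"granted_scopes":["read","write","admin"]}
{"ts":"2026-06-10T09:16:02Z","event":"device.pair","operator":"carol","device_id":"dev-09","requested_scopes":["read","write"],"granted_scopes":["read","write"]}
this line is not JSON and must not abort the scan
{"ts":"2026-06-10T09:20:30Z","event":"device.repair","operator":"bob","device_id":"dev-08","granted_scopes":["read"]}
"""


def parse_events(text: str) -> Iterator[dict]:
    """Yield parsed records, skipping blank and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def find_empty_scope_repairs(text: str) -> list[dict]:
    """Return re-pairing events whose requested scope set is empty or missing.

    A missing field is treated like an empty set: either way the request did
    not name scopes, which is the input shape the advisory describes.
    """
    findings = []
    for ev in parse_events(text):
        if ev.get("event") != "device.repair":
            continue
        if ev.get("requested_scopes"):
            continue
        granted = sorted(ev.get("granted_scopes") or [])
        findings.append({
            "ts": ev.get("ts"),
            "operator": ev.get("operator"),
            "device_id": ev.get("device_id"),
            "granted": granted,
            # An empty request that still came out with scopes is the bypass pattern.
            "severity": "high" if granted else "info",
        })
    return findings


def repairs_by_operator(text: str) -> Counter:
    """Count empty-scope re-pairings per operator, to spot repeat offenders."""
    return Counter(f["operator"] for f in find_empty_scope_repairs(text))


if __name__ == "__main__":
    for finding in find_empty_scope_repairs(SAMPLE_LOG):
        print(finding)
    print(repairs_by_operator(SAMPLE_LOG))
```

Treating a missing scope field the same as an empty list matters: if the real request path accepts both shapes, a detection that only matches a literal `[]` misses half the attempts. The per-operator count is the starting point for the third bullet's audit; in a real deployment, join the findings against each operator's current allowlist to see which granted scope sets exceed it.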
Mitigation Strategies

The fix is to upgrade OpenClaw to version 2026.4.25 or later, where the empty-scope re-pairing path is patched.

Upgrading closes the bypass but should not be assumed to undo scopes already restored through it, so whether or not the patch can be applied immediately, revoke unexpected device sessions and require fresh pairing for any device that looks suspicious, in particular one that was re-paired with an empty scope set or that holds broader scopes than expected.

Additional hardening measures include:

  • Keep channel and tool allowlists narrow, so that a retained scope reaches as little as possible.
  • Avoid sharing one Gateway between mutually untrusted users.
  • Disable the device re-pairing feature if it is not needed.