CVE-2026-53832
7.7 HIGHOpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy id...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 7.7 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CWE
- CWE-290
Description
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate privileges.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53833 — OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders... (7.7 HIGH)
- CVE-2026-53823 — OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names (8.1 HIGH)
- CVE-2026-5792 — Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc (6.5 MEDIUM)
- CVE-2026-53817 — OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to... (8.8 HIGH)
- CVE-2026-53811 — OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts... (8.8 HIGH)