Loading market data...
← Back to CVE feed

CVE-2026-53862

MEDIUM CVSS 4.2 View on NVD ↗

Description

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Published: Jun 16, 2026 19:17 UTC Modified: Jun 16, 2026 20:42 UTC