HarborGuard Database
CVE-2026-53821 (Severity: HIGH) | CNA: VulnCheck

CVE-2026-53821: OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs.

Metrics

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: 2026.5.18
Affected products: 1


HarborGuard Analysis

Synopsis

This is a scope elevation (privilege escalation) vulnerability in OpenClaw's trusted-proxy Control UI WebSocket interface, affecting all versions before 2026.5.18. The flaw is reachable over the network and requires only a low-privilege account: an unpaired or restricted trusted-proxy client sends a WebSocket message declaring elevated operator scopes, and OpenClaw accepts those client-declared scopes before binding them to the server-approved pairing or trusted-proxy authorization baseline. The resulting operator.admin authority is cached on the live connection, so the client keeps it for every subsequent request on that session. Successful exploitation gives the attacker full admin-gated Gateway RPC access, enabling reads, writes, and disruption of the affected service. A patched-image rebuild at version 2026.5.18 is available on HarborGuard for environments running an affected version.
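The pattern behind this advisory is an ordering bug: client-declared scopes are cached as session authority before they are intersected with what the server actually approved. The block below is an added illustration of that pattern and its fix; it is not OpenClaw's code. The message shape (`hello` with a `scopes` array), the authentication kinds, the `operator.read` scope and all function names are assumptions for the example; only `operator.admin` is taken from the advisory.

```typescript
// Added example, not OpenClaw's implementation. Wire shapes, scope names other
// than "operator.admin", and function names are assumptions for illustration.

type ScopeName = string;

// How the server authenticated the connection before any scope message arrives.
//   "paired"   : client completed server-approved pairing
//   "proxy"    : client arrived via a trusted reverse proxy that restricts it
//   "unpaired" : no approved identity yet
type AuthKind = "paired" | "proxy" | "unpaired";

interface ConnectionAuth {
  kind: AuthKind;
  // Scopes the server itself granted at pairing / proxy time (the baseline).
  approvedScopes: ReadonlySet<ScopeName>;
}

// Client-sent hello: the client *declares* the scopes it wants (assumed shape).
interface ClientHello {
  type: "hello";
  scopes: ScopeName[];
}

interface LiveSession {
  auth: ConnectionAuth;
  // Authority cached on the live socket and consulted by every later RPC.
  effectiveScopes: Set<ScopeName>;
}

const ADMIN_SCOPE: ScopeName = "operator.admin";

// Vulnerable pattern: declared scopes are cached verbatim before being bound to
// the server-approved baseline, so an unpaired or restricted client can grant
// itself operator.admin for the rest of the connection.
function bindScopesVulnerable(session: LiveSession, hello: ClientHello): void {
  session.effectiveScopes = new Set(hello.scopes);
}

// Hardened pattern: effective authority is the intersection of what the client
// asked for and what the server approved. An unpaired client has an empty
// baseline, so it ends up with nothing regardless of what it declared.
function bindScopesFixed(session: LiveSession, hello: ClientHello): void {
  const granted = new Set<ScopeName>();
  for (const scope of hello.scopes) {
    if (session.auth.approvedScopes.has(scope)) granted.add(scope);
  }
  session.effectiveScopes = granted;
}

// Admin-gated RPC check that consults the cached session authority.
function canCallAdminRpc(session: LiveSession): boolean {
  return session.effectiveScopes.has(ADMIN_SCOPE);
}

function newSession(kind: AuthKind, approved: ScopeName[]): LiveSession {
  return { auth: { kind, approvedScopes: new Set(approved) }, effectiveScopes: new Set() };
}

// Run one binding strategy against the three client kinds the advisory names and
// report, per kind, whether an admin-gated RPC would be allowed afterwards.
function demo(bind: (s: LiveSession, h: ClientHello) => void): Record<AuthKind, boolean> {
  // Every client declares admin, as an attacker would.
  const hello: ClientHello = { type: "hello", scopes: [ADMIN_SCOPE, "operator.read"] };
  const sessions: Record<AuthKind, LiveSession> = {
    paired: newSession("paired", [ADMIN_SCOPE, "operator.read"]),
    proxy: newSession("proxy", ["operator.read"]), // restricted trusted-proxy client
    unpaired: newSession("unpaired", []),
  };
  const result = {} as Record<AuthKind, boolean>;
  for (const kind of Object.keys(sessions) as AuthKind[]) {
    bind(sessions[kind], hello);
    result[kind] = canCallAdminRpc(sessions[kind]);
  }
  return result;
}

console.log("vulnerable:", demo(bindScopesVulnerable)); // all three get admin
console.log("fixed:     ", demo(bindScopesFixed));      // only the paired client
```

The important property of the fix is where the baseline comes from: it is attached to the connection by the server at pairing or proxy time and never updated from client messages, so a later `hello` can only narrow authority, never widen it.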

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-53821 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle OpenClaw. Any image carrying an OpenClaw version below 2026.5.18 is flagged automatically.

Triage: Available

HarborGuard scores this finding at CVSS 8.7 (HIGH) using the published v4.0 vector and weights it against each environment's compliance policy to prioritize routing. Triage tickets are delivered to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Patch: Available

A patched-image rebuild pinned to OpenClaw 2026.5.18 becomes available through HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The vulnerable WebSocket endpoint is exposed over the network, so an attacker must be able to reach the OpenClaw Control UI service remotely.

  • Authentication: Required

    The attacker must hold at least a low-privilege account sufficient to establish an initial WebSocket connection; no admin credentials are needed to trigger the scope elevation.

  • Victim interaction: Not required

    No user interaction is needed; the attacker sends a crafted WebSocket message directly to the server without involving any other user.

  • Attack complexity: Low

    The exploit is reliable and requires no race conditions, special memory layout, or other environmental prerequisites.

Blast Radius

  • Reads any data accessible to operator.admin authority, including gateway configuration, routing rules, and connection metadata.
  • Executes admin-gated Gateway RPCs to modify persisted gateway state, reconfigure routing, or add and remove trusted-proxy entries.
  • Crashes or degrades the affected OpenClaw gateway service by issuing destructive admin commands over the elevated WebSocket session.
  • Retains the elevated authority for the lifetime of the live WebSocket session: the cached operator.admin scope is not re-checked against the pairing or trusted-proxy baseline, so no re-authentication is required for subsequent admin-gated calls.

How HarborGuard Handles This

Available on HarborGuard: any image containing OpenClaw below 2026.5.18 is flagged within minutes of CVE publication, including images built internally that bundle OpenClaw. For customers with auto-remediation enabled, HarborGuard queues a rebuild at 2026.5.18, runs regression tests against the resulting image, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the patched rebuild is staged and the triage ticket is routed to the owning team for review. Customers who need to delay patching should restrict network access to the Control UI WebSocket endpoint via network policy, limit which identities can establish even low-privilege connections, and audit WebSocket session logs for operator.admin scope claims from clients that were never paired or that arrived through a restricted trusted-proxy path.


Fix available: 2026.5.18

Affected packages
  • OpenClaw / OpenClaw: < 2026.5.18 (from 0); fixed in 2026.5.18

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N