Vulnerability Details CVE-2026-53817
OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.1%
CVSS Severity
CVSS v3 Score 8.8