CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-53859

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 12.5%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-gxg4-2rrr-jhc7
https://www.vulncheck.com/advisories/openclaw-hostname-validation-bypass-via-trailing-dot-inconsistency

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-53859

Products

Pricing

Contact Us