Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%
Buy Us a Coffee

CVE-2026-53812— OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions

CVSS 7.7 · High EPSS 0.25% · P16

Affected Version Matrix 2

VendorProductVersion RangeStatus
OpenClawOpenClaw< 2026.5.18affected
2026.5.18unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53812

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered redirects and subsequently read restricted page content using browser evaluation capabilities.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.5.18之前版本存在代码问题漏洞,该漏洞源于浏览器控制中的服务器端请求伪造问题,允许经过身份验证的用户通过Playwright act交互绕过私有网络导航检查。攻击者可以通过操作触发的重定向触发对私有网络目标的导航,随后使用浏览器评估功能读取受限页面内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OpenClawOpenClaw 0 ~ 2026.5.18 -

II. Public POCs for CVE-2026-53812

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53812

登录查看更多情报信息。

Vendor Advisories for CVE-2026-53812 (2)

Same Patch Batch · OpenClaw · 2026-06-11 · 14 CVEs total

CVE-2026-538068.8 HIGHOpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation
CVE-2026-538078.8 HIGHOpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.
CVE-2026-538108.8 HIGHOpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extensio
CVE-2026-538118.8 HIGHOpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom
CVE-2026-538178.8 HIGHOpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing
CVE-2026-538198.8 HIGHOpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override
CVE-2026-538148.3 HIGHOpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority
CVE-2026-538137.8 HIGHOpenClaw < 2026.4.25 - Arbitrary Artifact Loading via Fake Package Root Resolution
CVE-2026-538167.2 HIGHOpenClaw < 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node
CVE-2026-538186.6 MEDIUMOpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback
CVE-2026-538086.5 MEDIUMOpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow
CVE-2026-538156.5 MEDIUMOpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions
CVE-2026-538093.8 LOWOpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

IV. Related Vulnerabilities

Same product: OpenClaw
Same vendor: OpenClaw
Same weakness: CWE-918

V. Comments for CVE-2026-53812

No comments yet

Leave a comment