Skip to main content

OpenClaw EUVDEUVD-2026-37142

| CVE-2026-53840 MEDIUM
Insufficiently Protected Credentials (CWE-522)
6.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.9 MEDIUM

Network vector but AC:H because attacker must control or compromise an MCP endpoint (AT:P precondition); PR:L for required infrastructure access; C:H for direct credential exposure, I:L for minor integrity side-effect.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 16, 2026 - 20:02 EUVD
Analysis Generated
Jun 16, 2026 - 19:07 vuln.today

DescriptionCVE.org

OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate sensitive headers like API keys or tenant-routing credentials to attacker-controlled origins.

AnalysisAI

OpenClaw's streamable-http MCP server implementation leaks operator-configured custom headers to attacker-controlled origins during cross-origin HTTP redirects. All OpenClaw versions before 2026.5.12 are affected, and any deployment that places sensitive values - API keys, tenant-routing credentials, or bearer tokens - in operator-configured custom headers is exposed. An attacker who controls or has compromised an MCP endpoint can trigger a cross-origin redirect, causing OpenClaw to forward those headers to an origin the attacker controls, resulting in credential theft. No public exploit has been identified at time of analysis, and this CVE is not currently listed in CISA KEV.

Technical ContextAI

OpenClaw implements the Model Context Protocol (MCP) over a streamable-HTTP transport layer. In standard HTTP client behavior, custom request headers should be stripped when a redirect crosses an origin boundary (RFC 9110 §15.4), because the destination of the redirect is untrusted relative to the original target. CWE-522 (Insufficiently Protected Credentials) captures the root cause: OpenClaw does not enforce this stripping, so operator-injected headers - which frequently carry authentication material such as API keys or multi-tenant routing tokens - are blindly forwarded to whatever origin the redirect resolves to. The affected CPE is cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*, covering all versions prior to the 2026.5.12 release. The CVSS 4.0 AT:P metric confirms that specific attack conditions (adversarial control of an MCP endpoint) are required, distinguishing this from a fully opportunistic flaw.

RemediationAI

The primary fix is to upgrade OpenClaw to version 2026.5.12 or later, which resolves the cross-origin header forwarding behavior. Full details are in the vendor advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-rjxq-qqhf-8hwh. If immediate upgrade is not possible, a targeted compensating control is to remove sensitive credentials from operator-configured custom headers and instead inject them at the application layer (e.g., via per-request credential lookup rather than static header injection), which eliminates the exposure path without requiring a software update - the trade-off is increased application complexity. Alternatively, operators can restrict MCP endpoint targets to a strict allowlist of trusted origins, preventing OpenClaw from following redirects to unexpected destinations; this does not fix the underlying header-forwarding flaw but reduces the attacker's ability to trigger it. Network-level controls that block outbound HTTP requests to non-approved origins provide an additional defense layer but require careful maintenance of the allowlist.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-37142 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy