[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-53838":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-13T17:48:13.121Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":32,"related":33,"reserved_at":9,"published_at":34,"modified_at":34,"state":35,"summary":36,"references_raw":45,"kevs":57,"epss":58,"epss_history":61,"metrics":63,"affected":79},"CVE-2026-53838","OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval restrictions.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-367","Time-of-check Time-of-use (TOCTOU) Race Condition","The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.","weakness","Incomplete","Base","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[],[],[],[],[],"2026-06-12T21:57:01.301Z","Received",{"cisa_kev":37,"cisa_ransomware":37,"cisa_vendor":9,"epss_severity":38,"epss_score":39,"severity":40,"severity_score":41,"severity_version":42,"severity_source":43,"severity_vector":44,"severity_status":35},false,"low",0.00028,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[46,52],{"url":47,"sources":48,"tags":50},"https://github.com/openclaw/openclaw/security/advisories/GHSA-83w9-h5wv-j9xm",[49,43],"cve.org",[51],"Vendor Advisory",{"url":53,"sources":54,"tags":55},"https://www.vulncheck.com/advisories/openclaw-node-pairing-state-mutation-via-reconnection",[49,43],[56],"Third Party Advisory",[],{"date":59,"score":39,"percentile":60},"2026-06-13",0.08655,[62],{"date":59,"score":39,"percentile":60},[64,73],{"source":49,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":65,"cvss_v4_0":71},{"baseScore":66,"baseSeverity":67,"vectorString":68,"impactScore":69,"exploitabilityScore":70},6.5,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",6,7.2,{"baseScore":69,"baseSeverity":67,"vectorString":72,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",{"source":43,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":74,"cvss_v4_0":77},{"baseScore":41,"baseSeverity":75,"vectorString":44,"impactScore":41,"exploitabilityScore":76},"CRITICAL",10,{"baseScore":69,"baseSeverity":67,"vectorString":78,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[80],{"ecosystem":9,"name":81,"vendor":82,"product":82,"cpe_part":83,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":84},"OpenClaw","openclaw","a",[85],{"version":86,"is_range":87,"range_type":49,"version_start":9,"version_start_type":9,"version_end":88,"version_end_type":89,"fixed_in":9},"\u003C 2026.5.27",true,"2026.5.27","excluding"]