Tag
An authentication bypass vulnerability (CVE-2026-53817) in OpenClaw's Control UI pairing mechanism allows an attacker with existing network/authentication foothold in LAN/shared-token deployments to spoof locality information, leading to the acquisition of a durable admin-capable device token that grants persistent administrative access, even after shared gateway tokens are rotated.