[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-53817":3,"news-by-cve-CVE-2026-53817-10":57},{"nuclei_template_count":4,"has_ai_summary":5,"state":6,"in_kev":5,"weaknesses":7,"vendor_context":11,"has_nuclei_templates":5,"cvss_version":20,"cvss_vector":21,"nvd_cvss_score":22,"kev_ransomware_use":5,"has_solution":5,"title":23,"date_published":24,"exploit_count":4,"remediation_summary":25,"id":26,"nvd_cvss_vector":21,"affected_products_preview":27,"sectors":31,"references_preview":32,"has_attack_graph":38,"assigner_short_name":10,"cvss_severity":39,"attack_technique_count":40,"description":41,"attack_techniques":42,"sources":50,"cvss_source":51,"has_workaround":5,"reference_count":52,"attack_tactics":53,"date_updated":54,"cvss_score":22,"has_exploit":5,"tags":55,"source_identifier":56,"assigner_org":10,"nvd_cvss_severity":39,"affected_product_count":40},0,false,"PUBLISHED",[8],{"cwe_id":9,"name":10},"CWE-290","",[12],{"vendor":13,"vendor_type":14,"aliases":15,"sector":18,"subsector":19},"openclaw","oss-project",[16,17],"crabbox","clawdbot","security-products","endpoint-av-edr","3.1","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",8.8,"OpenClaw \u003C 2026.5.22 - Control UI Locality Spoofing in Device Pairing","2026-06-11T20:09:38Z",{"has_patch":5,"has_workaround":5},"CVE-2026-53817",[28],{"vendor":29,"product":29,"sector":18,"subsector":19,"deployment":30},"OpenClaw","embedded",[18],[33,36],{"url":34,"source":35},"https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw","cvelist",{"url":37,"source":35},"https://www.vulncheck.com/advisories/openclaw-control-ui-locality-spoofing-in-device-pairing",true,"HIGH",1,"OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert temporary shared access into persistent administrative credentials that survive token rotation.",[43],{"technique_name":44,"tactic":45,"tactic_name":46,"url":47,"confidence":48,"technique_id":49},"Valid Accounts","initial-access","Initial Access","https://attack.mitre.org/techniques/T1078/","medium","T1078",[35,51],"nvd",2,[46],"2026-06-11T21:16:23Z",[],"83251b91-4cc7-4094-a5c7-464a1b83ea10",{"cve_id":26,"items":58,"total":4},[]]