What is GHSA-h9h6-pwqv-j9hv?

GHSA-h9h6-pwqv-j9hv is a security advisory published by GitHub Security Advisories with Low severity. OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with...

Which CVE IDs does GHSA-h9h6-pwqv-j9hv cover?

GHSA-h9h6-pwqv-j9hv covers the following CVE IDs: CVE-2026-53862. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-h9h6-pwqv-j9hv?

GHSA-h9h6-pwqv-j9hv has a CVSS v3 base score of 4.2, published by GitHub Security Advisories.

GHSA-h9h6-pwqv-j9hvLowCVSS 4.2

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with...

Vendor

GitHub Security Advisories

Published

June 16, 2026

Last Modified

June 16, 2026

🔗 CVE IDs covered (1)

CVE-2026-53862 →

📋 Description

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.

🔗 References (4)

https://github.com/openclaw/openclaw/security/advisories/GHSA-9v8j-9c9g-w66c
https://nvd.nist.gov/vuln/detail/CVE-2026-53862
https://www.vulncheck.com/advisories/openclaw-bootstrap-token-replay-via-pending-pairing-scope-widening
https://github.com/advisories/GHSA-h9h6-pwqv-j9hv