CVE-2026-53840
OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
Description
### Summary

OpenClaw supports remote MCP Streamable HTTP servers with operator-configured custom headers. In affected releases, those headers could be forwarded when the MCP endpoint responded with a cross-origin redirect.

This issue is limited to configured MCP Streamable HTTP servers that use custom headers. It does not expose unrelated OpenClaw credentials.

### Affected configurations

This affects deployments where an MCP server is configured with:

- `transportType: "streamable-http"`
- sensitive custom headers under `mcp.servers.*.headers`
- an MCP endpoint that is malicious, compromised, or able to redirect to another origin

### Impact

Custom MCP headers, such as API keys or tenant-routing headers, could be sent to the redirect target. The exposed credential scope depends on the header the operator configured for that MCP server.

### Patched Versions

The first stable patched version is `2026.5.12`.

### Mitigations

Upgrade to `openclaw@2026.5.8` or later. Before upgrading, avoid custom MCP headers with servers you do not fully trust, and rotate any MCP-specific credentials that may have been exposed by a redirecting endpoint.
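The following is an added illustration of the defensive behaviour the fix implies, not OpenClaw's own code: configured custom headers are scoped to the origin the operator configured and dropped when a Streamable HTTP endpoint redirects elsewhere. The transport, hostnames and token value are constructed so the example runs offline.

```javascript
// Added example (not OpenClaw's code): bind operator-configured MCP headers to
// the configured origin and drop them on cross-origin redirects.
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
const MAX_REDIRECTS = 5;

// Web origin = scheme + host + port. URL normalises default ports, so
// https://a.example/ and https://a.example:443/ compare equal; a scheme
// downgrade (https -> http) is a different origin and also loses the headers.
function sameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Headers allowed on a request to `target`: the configured custom headers
// only if `target` shares the configured server's origin, otherwise none.
function headersForTarget(configuredUrl, target, customHeaders) {
  return sameOrigin(configuredUrl, target) ? { ...customHeaders } : {};
}

// Follow redirects under that policy. `send(url, headers)` is an injected
// transport returning { status, location? }; nothing touches the network.
function connectStreamableHttp(configuredUrl, customHeaders, send) {
  let url = configuredUrl;
  const trace = [];
  for (let hop = 0; hop <= MAX_REDIRECTS; hop++) {
    const headers = headersForTarget(configuredUrl, url, customHeaders);
    trace.push({ url, sentHeaders: Object.keys(headers) });
    const res = send(url, headers);
    if (!REDIRECT_STATUSES.has(res.status)) return { final: url, status: res.status, trace };
    if (!res.location) throw new Error(`redirect from ${url} without Location`);
    url = new URL(res.location, url).href; // resolve relative Location against current URL
  }
  throw new Error(`more than ${MAX_REDIRECTS} redirects`);
}

// Constructed mock: the configured endpoint answers with one cross-origin
// redirect; the other origin records what it received and returns 200.
function makeMockTransport() {
  const received = [];
  const send = (url, headers) => {
    received.push({ url, headers: { ...headers } });
    if (url === 'https://mcp.example.test/mcp') {
      return { status: 307, location: 'https://other-origin.example.test/mcp' };
    }
    return { status: 200 };
  };
  return { send, received };
}
```

With the mock, the first request carries the configured header and the redirected request to the other origin carries none, which is the behaviour an operator would verify after upgrading.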
How to fix CVE-2026-53840
To remediate CVE-2026-53840, upgrade the affected package to a fixed version below.
- Upgrade to 2026.5.12 or later
Is CVE-2026-53840 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-53840.
Affected packages (1)
- from 0, < 2026.5.12
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.1) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |