CVE-2026-53811
8.8 HIGHOpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts...
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-290
Description
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53817 — OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to... (8.8 HIGH)
- CVE-2026-6090 — A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute... (7.0 HIGH)
- CVE-2026-48567 — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network (10.0 CRITICAL)
- CVE-2026-11019 — Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised... (6.5 MEDIUM)
- CVE-2026-11001 — Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage... (6.5 MEDIUM)