CVE-2026-53823
8.1 HIGH
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS: 8.1 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- CWE: CWE-290
Description
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other identities.
Source: NVD
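The weak pattern the description refers to, beside its hardened form, as an added illustration that is not OpenClaw's code: an allow-list keyed on a self-editable display name accepts any account that renames itself, while one keyed on the Slack member ID does not. The sender structure, the user IDs and the `lint_allow_from` config check are all assumptions constructed for this example.

```python
"""Added example (not OpenClaw's code): an allowFrom policy keyed on Slack
display names versus one keyed on immutable member IDs. All identifiers
below are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SlackSender:
    user_id: str       # assigned by Slack, not editable by the account holder
    display_name: str  # profile metadata the account holder can change


# Vulnerable pattern: policy entries are display names.
VULNERABLE_ALLOW_FROM = {"alice"}


def allowed_by_display_name(sender: SlackSender) -> bool:
    """Before the fix: trust is bound to a field the sender controls."""
    return sender.display_name in VULNERABLE_ALLOW_FROM


# Hardened pattern: policy entries are Slack member IDs.
HARDENED_ALLOW_FROM = {"U0AAAAAAA"}  # placeholder ID, not a real workspace user


def is_slack_user_id(value: str) -> bool:
    """Heuristic shape check: Slack member IDs begin with 'U' (or 'W' on
    Enterprise Grid) followed by uppercase alphanumerics."""
    rest = value[1:]
    return len(value) >= 9 and value[0] in "UW" and rest.isalnum() and rest.isupper()


def allowed_by_user_id(sender: SlackSender) -> bool:
    """After the fix: trust is bound to the stable identifier."""
    return sender.user_id in HARDENED_ALLOW_FROM


def lint_allow_from(entries) -> list[str]:
    """Config check for operators: entries that are not member IDs, i.e.
    display-name entries that should be replaced before being trusted."""
    return sorted(e for e in entries if not is_slack_user_id(e))


def demo() -> dict:
    legit = SlackSender("U0AAAAAAA", "alice")
    # A different account that set its own display name to match the policy.
    renamed = SlackSender("U0BBBBBBB", "alice")
    return {
        "vuln_legit": allowed_by_display_name(legit),      # True
        "vuln_renamed": allowed_by_display_name(renamed),  # True: the bug
        "hard_legit": allowed_by_user_id(legit),           # True
        "hard_renamed": allowed_by_user_id(renamed),       # False
        "lint": lint_allow_from(VULNERABLE_ALLOW_FROM | HARDENED_ALLOW_FROM),
    }
```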
References
Related CVEs
Same CWE
- CVE-2026-53833 — OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders... (7.7 HIGH)
- CVE-2026-53832 — OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy id... (7.7 HIGH)
- CVE-2026-5792 — Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc (6.5 MEDIUM)
- CVE-2026-53817 — OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to... (8.8 HIGH)
- CVE-2026-53811 — OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts... (8.8 HIGH)