CVE-2026-53834
7.5 HIGHOpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated s...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- CWE
- CWE-863
Description
OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering command handling from blocked senders depending on operator configuration.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-2470 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions... (4.3 MEDIUM)
- CVE-2026-54398 — An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP o...
- CVE-2026-53835 — OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authentic... (4.3 MEDIUM)
- CVE-2026-53828 — OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to e... (8.8 HIGH)
- CVE-2026-53521 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.4 MEDIUM)