CVE-2026-53823

Summary

OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other identities.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.5.3affected
OpenClawOpenClaw2026.5.3unaffected

Weaknesses

  • CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References