CVE-2026-53823

Published Jun 12, 2026

Last updated 16 hours ago

Overview

Description: OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other identities.
Source: disclosure@vulncheck.com
NVD status: Received

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.6
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

disclosure@vulncheck.com: CWE-290

Hype score: Not currently trending

CVE-2026-53823 Privilege Escalation in OpenClaw Before 2026.5.3 via Mutable Slack Display Names https://t.co/FP7R9vtISb
@VulmonFeeds
13 Jun 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.