CVE-2026-53811

CVE Database · CVE-2026-53811

CVE-2026-53811

· HIGHAnalyzed

CVSS v3.1

8.8

CVSS v4.0

7.7

EPSS

0.31%

Published

Jun 11, 2026

Modified

Jun 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-290

Affected Products (1)

openclaw · openclaw (up to 2026.5.7)vulnerable

References (2)

https://github.com/openclaw/openclaw/security/advisories/GHSA-7hxm-f538-3xp6

MitigationVendor Advisory

https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-mutable-display-names-in-matrix-allowfrom

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs