CVE-2026-53815

CVE Database · CVE-2026-53815

CVE-2026-53815

· MEDIUMAnalyzed

CVSS v3.1

6.5

CVSS v4.0

7.1

EPSS

0.21%

Published

Jun 11, 2026

Modified

Jun 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing sensitive channel messages.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-862

Affected Products (1)

openclaw · openclaw (up to 2026.5.19)vulnerable

References (2)

https://github.com/openclaw/openclaw/security/advisories/GHSA-q7q8-3mgw-q67r

MitigationVendor Advisory

https://www.vulncheck.com/advisories/openclaw-channel-allowlist-bypass-in-message-read-actions

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs