CVE Database · CVE-2026-53823
CVSS v3.1: 8.1
CVSS v4.0: 8.6
EPSS: 0.21%
Published: Jun 12, 2026
Modified: Jun 12, 2026
Public PoC / Exploit
No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other identities.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weaknesses (CWE)
References (2)