CVE Catalog

CVE-2026-53835

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

OpenClaw before version 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls.

Risk Assessment

Attackers can exploit this vulnerability to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications.

Recommendation

It is recommended to update OpenClaw to version 2026.5.6 or later to mitigate this vulnerability and review security configurations to ensure compliance with organizational policies.

Original NVD description (English source)

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding feature to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS