CVE Catalog

CVE-2026-53837

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

OpenClaw before version 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted content.

Risk Assessment

This vulnerability may lead to unauthorized access to sensitive information within the system, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update OpenClaw to version 2026.5.6 or later to mitigate this vulnerability and implement additional verification mechanisms for Mattermost events.

Original NVD description (English source)

OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted content.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS