OpenClaw Matrix allowFrom Vulnerability (CVE-2026-53811)
A high-severity vulnerability (CVE-2026-53811) in OpenClaw's Matrix `allowFrom` feature allows threat actors to exploit mutable display names to match policy entries, potentially granting unauthorized agent access intended for another Matrix identity.
A significant vulnerability, tracked as CVE-2026-53811, has been identified in OpenClaw's Matrix allowFrom feature, affecting versions up to 2026.5.6. This flaw allows a Matrix account with the ability to change its display name to bypass security policies by having its mutable display metadata match an entry in an allowlist. This misconfiguration can lead to unauthorized agent access, where permissions intended for a legitimate Matrix identity are mistakenly granted to an attacker-controlled account. The issue arises when the affected feature is enabled and reachable, particularly when lower-trust input can influence the path that leads to policy matching. While this vulnerability does not alter OpenClaw's trusted-operator model, its practical impact is highly dependent on the operator's specific configuration and the sensitivity of the agent access granted.
Impact
When this vulnerability is present and actively exploited, and the affected feature is enabled and reachable by untrusted input, it could allow an attacker to gain unauthorized agent access that was intended for a different, legitimate Matrix identity. The practical severity of this impact is directly tied to an organization's specific configuration of OpenClaw, the types of agents and permissions managed by the vulnerable allowFrom feature, and whether lower-trust users or external inputs can interact with this path. Successful exploitation could lead to data compromise, unauthorized operations, or broader system access, depending on the privileges associated with the hijacked agent identity.
Recommendation
- Patch CVE-2026-53811 immediately: Upgrade all instances of
npm/openclawto version2026.5.7or newer to remediate CVE-2026-53811. - Implement policy hardening: Until patching is complete, configure allowlists using stable Matrix user IDs (e.g.,
@user:matrix.org) instead of mutable display names. - Restrict access: Review and narrow channel and tool allowlists to the absolute minimum necessary.
- Isolate environments: Avoid sharing a single OpenClaw Gateway between mutually untrusted users or departments.
- Disable unnecessary features: Disable the
allowFromfeature if it is not explicitly required for operational purposes, removing the attack surface for CVE-2026-53811.