{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/npm/openclaw--2026.5.6/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*"],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-53811"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["npm/openclaw (\u003c= 2026.5.6)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","matrix","openclaw","npm"],"_cs_type":"threat","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA significant vulnerability, tracked as CVE-2026-53811, has been identified in OpenClaw's Matrix \u003ccode\u003eallowFrom\u003c/code\u003e feature, affecting versions up to \u003ccode\u003e2026.5.6\u003c/code\u003e. This flaw allows a Matrix account with the ability to change its display name to bypass security policies by having its mutable display metadata match an entry in an allowlist. This misconfiguration can lead to unauthorized agent access, where permissions intended for a legitimate Matrix identity are mistakenly granted to an attacker-controlled account. The issue arises when the affected feature is enabled and reachable, particularly when lower-trust input can influence the path that leads to policy matching. While this vulnerability does not alter OpenClaw's trusted-operator model, its practical impact is highly dependent on the operator's specific configuration and the sensitivity of the agent access granted.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eWhen this vulnerability is present and actively exploited, and the affected feature is enabled and reachable by untrusted input, it could allow an attacker to gain unauthorized agent access that was intended for a different, legitimate Matrix identity. The practical severity of this impact is directly tied to an organization's specific configuration of OpenClaw, the types of agents and permissions managed by the vulnerable \u003ccode\u003eallowFrom\u003c/code\u003e feature, and whether lower-trust users or external inputs can interact with this path. Successful exploitation could lead to data compromise, unauthorized operations, or broader system access, depending on the privileges associated with the hijacked agent identity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2026-53811 immediately:\u003c/strong\u003e Upgrade all instances of \u003ccode\u003enpm/openclaw\u003c/code\u003e to version \u003ccode\u003e2026.5.7\u003c/code\u003e or newer to remediate CVE-2026-53811.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImplement policy hardening:\u003c/strong\u003e Until patching is complete, configure allowlists using stable Matrix user IDs (e.g., \u003ccode\u003e@user:matrix.org\u003c/code\u003e) instead of mutable display names.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRestrict access:\u003c/strong\u003e Review and narrow channel and tool allowlists to the absolute minimum necessary.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIsolate environments:\u003c/strong\u003e Avoid sharing a single OpenClaw Gateway between mutually untrusted users or departments.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDisable unnecessary features:\u003c/strong\u003e Disable the \u003ccode\u003eallowFrom\u003c/code\u003e feature if it is not explicitly required for operational purposes, removing the attack surface for CVE-2026-53811.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:13:27Z","date_published":"2026-07-03T12:13:27Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-matrix-vulnerability/","summary":"A high-severity vulnerability (CVE-2026-53811) in OpenClaw's Matrix `allowFrom` feature allows threat actors to exploit mutable display names to match policy entries, potentially granting unauthorized agent access intended for another Matrix identity.","title":"OpenClaw Matrix allowFrom Vulnerability (CVE-2026-53811)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-matrix-vulnerability/"}],"language":"en","title":"CraftedSignal Threat Feed - Npm/Openclaw (\u003c= 2026.5.6)","version":"https://jsonfeed.org/version/1.1"}