CVE-2026-53811
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
OpenClaw before version 2026.5.7 contains a privilege escalation vulnerability in the allowFrom feature in Matrix, allowing authenticated accounts to match policy entries through mutable display name metadata. Attackers who can change display names may gain agent access intended for another Matrix identity.
Risk Assessment
Organizations may be exposed to unauthorized access to resources, potentially leading to serious security breaches depending on operator configuration.
Recommendation
It is recommended to update OpenClaw to version 2026.5.7 or later and review access policies to limit the ability of users to change display names.
Original NVD description (English source)
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration.

