CVE-2026-53815
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
OpenClaw before version 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them, potentially exposing sensitive information.
Risk Assessment
The organization may be exposed to the disclosure of confidential messages, leading to privacy breaches and data security issues. Exploitation of this vulnerability could impact the company's reputation and user trust.
Recommendation
It is recommended to update OpenClaw to version 2026.5.19 or later to mitigate this vulnerability. Additionally, conducting a security audit to identify and secure other potential weaknesses is advisable.
Original NVD description (English source)
OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing sensitive channel messages.

