CVE-2026-53835
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
OpenClaw before version 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls.
Risk Assessment
Attackers can exploit this vulnerability to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications.
Recommendation
It is recommended to update OpenClaw to version 2026.5.6 or later to mitigate this vulnerability and review security configurations to ensure compliance with organizational policies.
Original NVD description (English source)
OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding feature to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications.

