CVE Catalog

CVE-2026-53857

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile - higher than 12% of all known CVEs

Summary

OpenClaw before version 2026.5.3 contains a policy enforcement vulnerability that allows Zalo contacts with mutable display metadata to match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent responses intended for different Zalo identities when the feature is enabled.

Risk Assessment

Organizations may be exposed to unauthorized access to information, potentially leading to data leaks or identity fraud. Specifically, attackers could manipulate data, threatening the integrity of communications.

Recommendation

It is recommended to update OpenClaw to version 2026.5.3 or later to mitigate this vulnerability. Additionally, consider implementing further security measures to monitor and restrict modifications to display names.

Original NVD description (English source)

OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent responses intended for different Zalo identities when the feature is enabled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS