PatchSiren cyber security CVE debrief
CVE-2026-53807 OpenClaw CVE debrief
CVE-2026-53807 is a HIGH-severity authorization bypass vulnerability in OpenClaw's Telegram interactive callbacks. It allows authenticated users to skip commands.allowFrom validation, potentially triggering command behavior outside the configured Telegram sender restrictions.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: HIGH 7.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of OpenClaw before version 2026.5.6 should apply the patch to prevent exploitation of this vulnerability.
Technical summary
The vulnerability lies in OpenClaw's handling of Telegram interactive callbacks: an authenticated user can bypass commands.allowFrom validation because the affected callbacks mark the invoking user as an authorized sender before the allowlist check is applied, so an attacker who can invoke such a callback is treated as authorized.
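As an added, hypothetical illustration (not OpenClaw's code and not the actual fix) of the check-ordering flaw the summary describes, the constructed handler below stamps a callback's sender as authorized before commands.allowFrom is consulted, next to a version that evaluates the allowlist first on every path. The handler names, the session flag and the update shape are assumptions; only the commands.allowFrom setting comes from the debrief.

```javascript
// Added illustration, not OpenClaw's code: the CWE-863 check-ordering pattern
// the debrief describes, built around the page's commands.allowFrom setting.
// handleCallback*, session.authorizedSender and update.from.id are hypothetical.

// Constructed config: only one Telegram sender id may run commands.
const CONFIG = { commands: { allowFrom: ["111111"] } };

function isAllowedSender(config, senderId) {
  const allow = config.commands.allowFrom;
  // An empty or missing allowlist means "nobody", never "everybody".
  return Array.isArray(allow) && allow.includes(String(senderId));
}

// Vulnerable ordering: the interactive-callback path stamps the session as
// authorized for this sender, and the command gate trusts that stamp before
// it ever consults commands.allowFrom.
function handleCallbackVulnerable(config, session, update) {
  session.authorizedSender = String(update.from.id); // set before any allowlist check
  return runCommandVulnerable(config, session, update);
}

function runCommandVulnerable(config, session, update) {
  const sender = String(update.from.id);
  if (session.authorizedSender === sender) {
    return { ran: true, command: update.data }; // allowlist never evaluated
  }
  if (!isAllowedSender(config, sender)) {
    return { ran: false, reason: "sender not in commands.allowFrom" };
  }
  return { ran: true, command: update.data };
}

// Hardened ordering: the allowlist is the first check on every path, and the
// session flag is only ever derived from having passed it.
function handleCallbackFixed(config, session, update) {
  const sender = String(update.from.id);
  if (!isAllowedSender(config, sender)) {
    return { ran: false, reason: "sender not in commands.allowFrom" };
  }
  session.authorizedSender = sender;
  return { ran: true, command: update.data };
}

// Constructed callback updates: one from the allowlisted sender, one from a stranger.
const CALLBACK_FROM_ALLOWED = { from: { id: 111111 }, data: "/status" };
const CALLBACK_FROM_OTHER = { from: { id: 222222 }, data: "/status" };

function demo() {
  return {
    vulnerableOther: handleCallbackVulnerable(CONFIG, {}, CALLBACK_FROM_OTHER).ran, // true: allowlist skipped
    fixedOther: handleCallbackFixed(CONFIG, {}, CALLBACK_FROM_OTHER).ran,           // false: blocked
    fixedAllowed: handleCallbackFixed(CONFIG, {}, CALLBACK_FROM_ALLOWED).ran,       // true: allowlisted
  };
}

console.log(demo());
```

The point to take from the hardened version is that authorization state must be an output of the allowlist check, never an input the caller can set; when reviewing similar bot integrations, look for any code path that writes an "authorized" flag before the sender restriction has been evaluated.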
Defensive priority
HIGH
Recommended defensive actions
- Upgrade OpenClaw to version 2026.5.6 or later.
- Review and update Telegram sender restrictions to prevent unauthorized access.
Evidence notes
The vulnerability was reported by [email protected] and is tracked under CWE-863 (Incorrect Authorization).
Official resources
- CVE-2026-53807 CVE record (CVE.org)
- CVE-2026-53807 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Mitigation, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory
CVE-2026-53807 was published on 2026-06-11T21:16:22.580Z and modified on 2026-06-12T19:33:01.740Z.