PatchSiren cyber security CVE debrief
CVE-2026-53834 OpenClaw CVE debrief
CVE-2026-53834 is a HIGH-severity (CVSS 8.2) authorization bypass in OpenClaw. Slash commands arriving over the QQBot channel are handled in a pre-dispatch step that runs before the configured allowFrom policy is checked, so a sender the policy is meant to block can still trigger command handling. What such a sender can actually do depends on the operator's configuration.
- Vendor
- OpenClaw
- Product
- Unknown
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Operators running OpenClaw before version 2026.4.27, and in particular anyone who relies on an allowFrom policy to restrict who may talk to the bot over QQBot, should upgrade.
Technical summary
The vulnerability is in the QQBot channel's pre-dispatch handling of slash commands. A message that parses as a slash command is routed to command handling before the allowFrom policy is evaluated, so the policy gates ordinary chat but not commands: a sender that allowFrom blocks can still invoke slash commands. Which commands are reachable, and with what effect, depends on how the operator has configured the bot.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade OpenClaw to version 2026.4.27 or later.
- Review the allowFrom policy on the QQBot channel and, after upgrading, confirm that a sender outside the policy can no longer trigger slash commands. Until the upgrade is in place, do not rely on allowFrom alone to keep untrusted senders away from command handling.
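The ordering bug described in the technical summary, and the post-upgrade check suggested above, as an added example. This is not OpenClaw's code: it is a minimal inbound-message dispatcher written for this debrief, with hypothetical names (Inbound, AllowFromPolicy, dispatchVulnerable, dispatchFixed, compare) and constructed sample traffic. The vulnerable dispatcher recognises slash commands in a pre-dispatch step before consulting allowFrom; the fixed one evaluates the policy first for every message.

```typescript
// Added example, not OpenClaw's code. All type and function names are hypothetical.

interface Inbound {
  senderId: string; // the platform's sender identifier
  text: string;     // raw message text
}

// allowFrom policy modelled as a sender allow-list; "*" admits everyone.
type AllowFromPolicy = string[];

function senderAllowed(policy: AllowFromPolicy, senderId: string): boolean {
  return policy.includes("*") || policy.includes(senderId);
}

type Outcome =
  | { kind: "command"; name: string }
  | { kind: "chat" }
  | { kind: "blocked" };

// Recognise "/name ..." at the start of the message and return the command name.
function parseSlash(text: string): string | null {
  const m = /^\/([a-z]+)\b/i.exec(text.trim());
  const name = m?.[1];
  return name ? name.toLowerCase() : null;
}

// VULNERABLE ordering: slash commands are handled in a pre-dispatch step that
// runs before the allowFrom check. Only plain chat is gated by the policy, so a
// blocked sender still reaches command handling.
function dispatchVulnerable(policy: AllowFromPolicy, msg: Inbound): Outcome {
  const cmd = parseSlash(msg.text);
  if (cmd !== null) {
    return { kind: "command", name: cmd }; // policy never consulted
  }
  if (!senderAllowed(policy, msg.senderId)) {
    return { kind: "blocked" };
  }
  return { kind: "chat" };
}

// HARDENED ordering: allowFrom is the first thing evaluated for every inbound
// message, so neither the command path nor the chat path is reachable by a
// sender outside the policy.
function dispatchFixed(policy: AllowFromPolicy, msg: Inbound): Outcome {
  if (!senderAllowed(policy, msg.senderId)) {
    return { kind: "blocked" };
  }
  const cmd = parseSlash(msg.text);
  if (cmd !== null) {
    return { kind: "command", name: cmd };
  }
  return { kind: "chat" };
}

// Constructed sample traffic: one sender inside the policy, one outside it.
const samplePolicy: AllowFromPolicy = ["operator-1"];
const sampleMessages: Inbound[] = [
  { senderId: "operator-1", text: "/status" },
  { senderId: "stranger-9", text: "/restart now" },
  { senderId: "stranger-9", text: "hello" },
];

// Run both dispatchers over the sample traffic. The same shape of check, fed
// with a sender outside the real policy, is what an operator would run after
// upgrading to confirm that blocked senders no longer reach command handling.
function compare(): { vulnerable: Outcome[]; fixed: Outcome[] } {
  return {
    vulnerable: sampleMessages.map((m) => dispatchVulnerable(samplePolicy, m)),
    fixed: sampleMessages.map((m) => dispatchFixed(samplePolicy, m)),
  };
}

const result = compare();
console.log("vulnerable:", result.vulnerable.map((o) => o.kind).join(", "));
console.log("fixed:     ", result.fixed.map((o) => o.kind).join(", "));
```

Over the sample traffic the vulnerable dispatcher returns command, command, blocked: the outsider's "/restart now" is handled as a command even though the same outsider's plain "hello" is blocked, which is exactly the inconsistency the advisory describes. The fixed dispatcher returns command, blocked, blocked.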
Evidence notes
The CVE record was obtained from the official CVE website [cve-org]. Additional information was obtained from [ref-4] and [ref-5].
Official resources
CVE-2026-53834 was published on 2026-06-12T22:16:55.090Z and has not been modified since then.