PatchSiren cyber security CVE debrief
CVE-2026-53835 OpenClaw CVE debrief
CVE-2026-53835 is a configuration enforcement bypass vulnerability in OpenClaw before version 2026.5.6. The vulnerability affects the Feishu dynamic-agent bindings, allowing authenticated senders to create or update bindings without honoring configured config-write controls. This could enable attackers to change sender-agent binding state beyond intended policy, potentially allowing unauthorized binding modifications. The vulnerability has a CVSS score of 2.3 and is considered LOW severity.
- Vendor
- OpenClaw
- Product
- Unknown
- CVSS
- LOW 2.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of OpenClaw before version 2026.5.6 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper enforcement of config-write controls in the Feishu dynamic-agent bindings of OpenClaw. This allows authenticated senders to bypass configured controls and create or update bindings without proper authorization.
Defensive priority
LOW
Recommended defensive actions
- Update OpenClaw to version 2026.5.6 or later to fix the vulnerability.
- Review and enforce proper config-write controls for Feishu dynamic-agent bindings.
Evidence notes
The CVE record and details were obtained from the official CVE.org and NVD sources.
Official resources
CVE-2026-53835 was published on 2026-06-12T22:16:55.237Z and has not been modified since then.