PatchSiren cyber security CVE debrief
CVE-2026-53857 OpenClaw CVE debrief
CVE-2026-53857 is a HIGH-severity policy enforcement vulnerability in OpenClaw, with a CVSS score of 8.6. The issue arises from OpenClaw's handling of Zalo contacts with mutable display metadata, which could allow an attacker to receive agent responses intended for different Zalo identities when the feature is enabled. This vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor: OpenClaw
- Product: Unknown
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-18
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-18
Who should care
Users of OpenClaw versions before 2026.5.3 should be aware of this vulnerability, especially if they use the Zalo feature with contacts whose display names are mutable.
Technical summary
The vulnerability exists in OpenClaw's policy enforcement mechanism, specifically in how it handles Zalo contacts with mutable display metadata. An attacker who controls a mutable display name could potentially receive agent responses meant for other Zalo identities.
Defensive priority
HIGH
Recommended defensive actions
- Update OpenClaw to version 2026.5.3 or later.
- Review and adjust the allowFrom policy settings for Zalo contacts.
- Monitor for suspicious activity related to Zalo interactions.
Evidence notes
The CVE record and details were obtained from [resourceLinkAnnotations:cve-org]. Additional information was sourced from [resourceLinkAnnotations:nvd].
Official resources
CVE-2026-53857 was disclosed by Vulncheck on 2026-06-16.