216.73.217.139

CVE-2026-53811

· Published 11/06/2026 23:16 · Modified 12/06/2026 19:32 · Author: The MITRE Corporation

Labels: CVE-2026-53811 2026-06-11CVE-2026-53811CWE-290[email protected]

Essential information

Published
11/06/2026 23:16
Modified
12/06/2026 19:32
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.8 HIGH (v3.1) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CWE-290
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openclaw / openclaw cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

References