CVE-2026-53807
Description
OpenClaw before 2026.5.6 has an authorization bypass in Telegram interactive callbacks, allowing authenticated users to bypass sender allowlist checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
OpenClaw before version 2026.5.6 contains an authorization bypass vulnerability (CWE-863) in Telegram interactive callbacks. The bug allows an authenticated Telegram user to invoke an affected callback that marks the user as an authorized sender before the commands.allowFrom validation is applied. This bypasses the configured sender allowlist, enabling command execution outside the intended restrictions. The feature must be enabled and reachable for exploitation [1][2].
Exploitation
An attacker needs to be an authenticated Telegram user capable of invoking the affected interactive callback. No special network position is required beyond access to the Telegram bot. The attacker triggers the callback, which sets their sender status as authorized before the allowlist check occurs, thereby skipping the commands.allowFrom validation [1][2].
Impact
Successful exploitation allows the attacker to trigger command behavior that should be restricted by the Telegram sender allowlist. Depending on the operator's configuration, this could lead to unauthorized command execution, potentially compromising confidentiality, integrity, and availability. The CVSS v3 score is 8.8 (High) [2].
Mitigation
The vulnerability is fixed in OpenClaw version 2026.5.6 [1]. As a workaround, restrict Telegram command callbacks to trusted chats until patched. Additional hardening measures include keeping channel and tool allowlists narrow, avoiding sharing one Gateway between mutually untrusted users, and disabling the affected feature when not needed [1]. No KEV listing is currently available.
AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches (2)
1c97b9f79ec43 test(plugin-sdk): satisfy fetch header lint
1 file changed · +1 −1
src/plugin-sdk/fetch-auth.test.ts+1 −1 modified@@ -125,7 +125,7 @@ describe("fetchWithBearerAuthScopeFallback", () => { enumerable: false, }); const fetchFn = vi.fn(async (_url: string, init?: RequestInit) => { - new Headers(init?.headers); + expect(() => new Headers(init?.headers)).not.toThrow(); return fetchFn.mock.calls.length === 1 ? new Response("unauthorized", { status: 401 }) : new Response("ok", { status: 200 });
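Review bot: the only change in this hunk is a test assertion in `fetch-auth.test.ts`, where `new Headers(init?.headers);` becomes `expect(() => new Headers(init?.headers)).not.toThrow();`; that satisfies the lint rule named in the commit message but touches no Telegram callback handling or `commands.allowFrom` check, so if this commit is recorded as a patch for the CVE the relationship should be documented, or the commit that reorders the authorization check referenced instead. A smaller point on the same lines: the `expect` now runs inside the `vi.fn(async ...)` mock, so a failing assertion surfaces as a rejected fetch returned to `fetchWithBearerAuthScopeFallback` rather than as a direct test failure; capturing the headers in the mock and asserting on them after the call would make the failure unambiguous.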
Vulnerability mechanics
Root cause
"Authorization bypass in Telegram interactive callbacks allows authenticated users to skip commands.allowFrom validation."
Attack vector
An authenticated attacker sends a crafted Telegram interactive callback to the OpenClaw bot. The callback triggers logic that marks the sender as an authorized user before the `commands.allowFrom` allowlist check is applied, effectively bypassing the configured Telegram sender restrictions. This allows the attacker to invoke commands that should be limited to specific authorized senders. The attack requires only low-privilege authentication and no special network access beyond being able to interact with the Telegram bot.
Affected code
The vulnerability is in the Telegram interactive callback handling within OpenClaw. The patch modifies `src/plugin-sdk/fetch-auth.test.ts`, which is a test file for the fetch authentication module. The advisory indicates that the core defect lies in `commands.allowFrom` validation being bypassed by authenticated users through Telegram interactive callbacks, though the exact source file implementing this logic is not shown in the patch diff.
What the fix does
The patch shown only adjusts a test assertion in `fetch-auth.test.ts` to satisfy a linting rule — it wraps `new Headers(init?.headers)` in an `expect().not.toThrow()` call. This test change does not address the authorization bypass described in the advisory. The advisory states that the vulnerability is fixed in OpenClaw 2026.5.6, but the provided patch does not include the actual fix for the `commands.allowFrom` validation bypass. The real remediation would require reordering the authorization check so that allowlist validation occurs before any callback marks a user as authorized.
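To make the ordering defect concrete, here is an added TypeScript illustration. It is not OpenClaw's code, and it is not derived from the patch above: the real Telegram callback handler is not shown on this page, so every type, function and field name below (`CallbackQuery`, `SessionState`, `authorizedSenders`, `handleCallbackVulnerable`, `handleCallbackFixed`) is an assumption; only the `commands.allowFrom` allowlist it models is named in the advisory. The vulnerable handler records the sender as authorized before consulting the allowlist, so the later check passes for every authenticated sender; the fixed handler validates first and never lets a cached grant override the configured list.

```typescript
// Added illustration of the check-ordering defect described in the advisory.
// Not OpenClaw's code: the real callback handler is not on this page, so all
// type, function and field names here are assumptions.

interface CallbackQuery {
  fromId: string; // Telegram sender id (assumed field name)
  data: string;   // callback payload carrying the requested command (assumed)
}

interface CommandsConfig {
  allowFrom: string[]; // stands in for the `commands.allowFrom` allowlist named in the advisory
}

interface SessionState {
  authorizedSenders: Set<string>; // assumed per-session record of senders already authorized
}

type Outcome = "executed" | "rejected";

// The sender allowlist check: permitted only if the configured list names the sender.
function isAllowed(cfg: CommandsConfig, fromId: string): boolean {
  return cfg.allowFrom.includes(fromId);
}

// Vulnerable ordering, modelled on the advisory text: the callback path records the
// sender as authorized first, so the later "already authorized or allowlisted" test
// is satisfied for every authenticated sender and the allowlist never rejects anyone.
function handleCallbackVulnerable(
  cfg: CommandsConfig, state: SessionState, q: CallbackQuery,
): Outcome {
  state.authorizedSenders.add(q.fromId); // side effect happens before validation
  const permitted = state.authorizedSenders.has(q.fromId) || isAllowed(cfg, q.fromId);
  return permitted ? "executed" : "rejected"; // "rejected" is unreachable here
}

// Fixed ordering: consult the allowlist first and write the per-session record only
// after the sender has passed it. The cached grant is also never consulted instead of
// the allowlist, so removing a sender from commands.allowFrom takes effect at once.
function handleCallbackFixed(
  cfg: CommandsConfig, state: SessionState, q: CallbackQuery,
): Outcome {
  if (!isAllowed(cfg, q.fromId)) {
    return "rejected";
  }
  state.authorizedSenders.add(q.fromId);
  return "executed";
}

// Runs both handlers over a constructed allowlist with one allowlisted and one
// non-allowlisted sender and reports what each sender obtains under each ordering.
function compareOrderings(): Record<string, Record<string, Outcome>> {
  const cfg: CommandsConfig = { allowFrom: ["100"] }; // constructed: only sender "100" is allowed
  const senders: CallbackQuery[] = [
    { fromId: "100", data: "status" }, // constructed allowlisted sender
    { fromId: "200", data: "status" }, // constructed sender not on the allowlist
  ];
  const result: Record<string, Record<string, Outcome>> = { vulnerable: {}, fixed: {} };
  for (const q of senders) {
    result.vulnerable[q.fromId] = handleCallbackVulnerable(cfg, { authorizedSenders: new Set() }, q);
    result.fixed[q.fromId] = handleCallbackFixed(cfg, { authorizedSenders: new Set() }, q);
  }
  return result;
}

console.log(compareOrderings());
```

Under the vulnerable ordering both senders obtain `"executed"`; under the fixed ordering only sender `"100"` does, and a rejected sender is never written into `authorizedSenders`, which is the property an operator relying on `commands.allowFrom` expects.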
Preconditions
- auth: The attacker must be an authenticated user of the Telegram bot.
- input: The attacker must be able to send interactive callbacks to the bot (e.g., by clicking inline buttons or sending callback data).
Generated on Jun 11, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions (2)
No linked articles in our index yet.