VYPR
High severity (8.8) · NVD Advisory · Published Jun 11, 2026

CVE-2026-53811

Description

OpenClaw before 2026.5.7 allows privilege escalation via the Matrix allowFrom feature, where attackers with mutable display names can match policy entries intended for other identities.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

OpenClaw before version 2026.5.7 contains a privilege escalation vulnerability in the allowFrom feature for Matrix identities. The feature binds policy entries to mutable display name metadata rather than stable Matrix user IDs. This allows an authenticated account that can change its display name to match a policy entry intended for another Matrix identity [1][2].

Exploitation

An attacker must have an authenticated Matrix account with the ability to change their display name. By altering their display name to match the display name of a target identity that has been granted agent access via the allowFrom feature, the attacker can receive agent access intended for that target. No additional privileges or user interaction are required beyond the ability to change display names [1][2].

Impact

Successful exploitation allows the attacker to gain unauthorized agent access, potentially leading to privilege escalation within the OpenClaw gateway. The practical impact depends on the operator's configuration and whether lower-trust input can reach the affected path. This could result in unauthorized actions, data access, or further compromise depending on the permissions granted to the agent [2].

Mitigation

The first stable patched version is 2026.5.7 [2]. Operators should upgrade to this version or later. As a workaround, use stable Matrix user IDs in allowlists instead of display names, keep channel and tool allowlists narrow, avoid sharing a gateway between mutually untrusted users, and disable the affected feature when not needed [2]. No KEV listing is currently available.
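To make the mitigation concrete, here is an added illustration (not OpenClaw's code; the shape of an `allowFrom` entry and the function names are assumptions) contrasting a matcher that accepts display names with one bound to the stable Matrix user ID:

```typescript
// Added illustration, not OpenClaw code: why an allowFrom policy must match on the
// stable Matrix user ID, never on the mutable display name. All names are hypothetical.

interface MatrixSender {
  userId: string;      // stable, server-assigned, e.g. "@alice:example.org"
  displayName: string; // mutable, chosen freely by the account holder
}

// One allowFrom entry as an operator might write it: either a Matrix user ID or a
// display name, which is exactly the ambiguity the advisory describes.
type AllowFromEntry = string;

const MATRIX_USER_ID = /^@[^:\s]+:[^\s]+$/;

// Vulnerable shape: a sender is allowed if ANY of its identity strings matches an
// entry, so setting a display name equal to someone else's entry is enough.
export function allowedByDisplayNameOrId(sender: MatrixSender, allowFrom: AllowFromEntry[]): boolean {
  return allowFrom.some((e) => e === sender.userId || e === sender.displayName);
}

// Hardened shape: only the stable user ID is compared, and entries that are not
// well-formed Matrix user IDs are ignored (fail closed), so a display-name entry
// can never grant access to anyone.
export function allowedByUserId(sender: MatrixSender, allowFrom: AllowFromEntry[]): boolean {
  return allowFrom.filter((e) => MATRIX_USER_ID.test(e)).some((e) => e === sender.userId);
}

// Entries the hardened check silently drops; reporting them at config load lets an
// operator replace a display-name entry with a user ID instead of losing access.
export function invalidAllowFromEntries(allowFrom: AllowFromEntry[]): AllowFromEntry[] {
  return allowFrom.filter((e) => !MATRIX_USER_ID.test(e));
}

// Constructed scenario: the operator meant to allow Alice; a second account
// later changes its display name to the same string.
export const policy: AllowFromEntry[] = ["@alice:example.org", "Alice (ops)"];
export const alice: MatrixSender = { userId: "@alice:example.org", displayName: "Alice (ops)" };
export const mallory: MatrixSender = { userId: "@mallory:example.org", displayName: "Alice (ops)" };

console.log(allowedByDisplayNameOrId(mallory, policy)); // true: display name matched
console.log(allowedByUserId(mallory, policy));          // false: stable ID does not match
console.log(allowedByUserId(alice, policy));            // true
console.log(invalidAllowFromEntries(policy));           // ["Alice (ops)"]
```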

AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • OpenClaw/Openclaw (inferred), 2 versions: <2026.5.7 (+1 more)
    • (no CPE) range: <2026.5.7
    • (no CPE) range: <2026.5.7

Patches (1)

eeef4864494f

test(release): align stable onboarding npm prompt

https://github.com/OpenClaw/OpenClaw · Peter Steinberger · May 7, 2026 · Fixed in 2026.5.7 (via release-tag)
1 file changed · +1 −1
  • src/commands/onboarding-plugin-install.test.ts (+1 −1, modified)
    @@ -317,7 +317,7 @@ describe("ensureOnboardingPluginInstalled", () => {
         });
     
         expect(captured?.options).toEqual([
    -      { value: "npm", label: "Download from npm (@demo/plugin@beta)" },
    +      { value: "npm", label: "Download from npm (@demo/plugin)" },
           { value: "skip", label: "Skip for now" },
         ]);
         expect(captured?.initialValue).toBe("npm");
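Review bot: Nothing in this hunk touches the Matrix allowFrom identity matching this advisory describes; the only change is a test expectation, the npm prompt label dropping its `@beta` suffix, and the page links the commit "via release-tag" rather than as the identified fix. Treat the 2026.5.7 version bound as the patch reference, and note that the production change behind the new label is not in this diff (1 file changed), so the updated expectation cannot be checked against it here.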
    

References (2)