CVE-2026-53835
Description
OpenClaw <2026.5.6 has a config-write bypass in Feishu dynamic-agent bindings, allowing authenticated senders to alter bindings against policy.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
OpenClaw before version 2026.5.6 contains a configuration enforcement bypass in its Feishu dynamic-agent bindings. When the Feishu sender uses dynamic-agent binding behavior, it can create or update bindings without honoring the configured config-write control [1][2]. All versions prior to the patched release are affected.
Exploitation
An attacker must be an authenticated sender with access to the Feishu dynamic-agent binding feature. By leveraging the dynamic-agent binding mechanism, the attacker can bypass the config-write enforcement controls to change sender-agent binding state beyond intended policy [1]. No additional user interaction is required.
Impact
Successful exploitation allows the attacker to modify sender-agent bindings in a manner that violates the operator's intended configuration policy. This could lead to unauthorized binding modifications, potentially enabling further misuse depending on the operator's configuration [1].
Mitigation
The vulnerability is fixed in OpenClaw version 2026.5.6 [1]. As a workaround, disable sender-created Feishu dynamic-agent bindings if not needed. General hardening includes keeping channel and tool allowlists narrow, avoiding shared Gateways between mutually untrusted users, and disabling the affected feature when not required [1]. No KEV listing is reported.
AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches (2)
1c97b9f79ec43 test(plugin-sdk): satisfy fetch header lint
1 file changed · +1 −1
src/plugin-sdk/fetch-auth.test.ts+1 −1 modified@@ -125,7 +125,7 @@ describe("fetchWithBearerAuthScopeFallback", () => { enumerable: false, }); const fetchFn = vi.fn(async (_url: string, init?: RequestInit) => { - new Headers(init?.headers); + expect(() => new Headers(init?.headers)).not.toThrow(); return fetchFn.mock.calls.length === 1 ? new Response("unauthorized", { status: 401 }) : new Response("ok", { status: 200 });
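Review bot: this hunk only swaps a bare `new Headers(init?.headers);` expression statement inside the mocked `fetchFn` for `expect(() => new Headers(init?.headers)).not.toThrow();`, which matches the commit's stated purpose of satisfying a lint rule and turns the construction into an explicit assertion; it changes no runtime code under `src/plugin-sdk/` and nothing related to Feishu dynamic-agent bindings or config-write enforcement, so it should not be cited as the fix for this CVE, and the patch linkage should be checked against the actual 2026.5.6 fix commit. One thing to verify in the test file is that `expect` is imported from vitest (or vitest globals are enabled), since the assertion now runs inside the mock at call time; the 401-then-200 fallback behaviour the mock returns is unchanged.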
Vulnerability mechanics
Root cause
"Missing enforcement of config-write controls in Feishu dynamic-agent bindings allows authenticated users to bypass policy and modify binding state."
Attack vector
An authenticated attacker exploits the Feishu dynamic-agent binding feature to create or update bindings without the config-write controls being enforced. The vulnerability is triggered over the network with low privileges and no user interaction, and the patch only adjusts a test assertion, indicating the flaw lies in how the SDK handles fetch header validation for agent binding requests.
Affected code
src/plugin-sdk/fetch-auth.test.ts
What the fix does
The patch changes a test in `fetch-auth.test.ts` so that constructing a `Headers` object from potentially invalid headers no longer throws an error. This test-only change does not address the underlying configuration enforcement bypass, meaning the advisory's described vulnerability remains unfixed in the visible diff.
Preconditions
- auth: The attacker must be an authenticated user with access to the Feishu dynamic-agent binding API.
- network: No special network position is required beyond normal application access.
Generated on Jun 12, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (2)
News mentions (0)