CVE-2026-53854

Vulnerability

OpenClaw before version 2026.4.25 contains a privilege escalation vulnerability in its internal and webchat command authentication. When a sender on an affected channel path transmits a command, the authentication mechanism can incorrectly inherit a wildcard ownerAllowFrom state from a different channel, granting unauthorized owner-level authorization. This affects all versions prior to the patch, specifically when the affected feature is enabled and reachable [1][2].

Exploitation

An attacker who can send commands on affected internal or webchat paths (which may include authenticated users or operators) can trigger this inheritance by issuing commands that cross channel boundaries. No special privileges beyond the ability to send on those paths are required; the bug occurs automatically due to the flawed state handling. The attacker's command then executes with owner-style scope outside the intended channel [1].

Impact

Successful exploitation allows the attacker to execute owner-style commands (such as configuration changes or privileged actions) in a channel context where they should not have that authority. This can lead to unauthorized access, data manipulation, or further escalation depending on the Gateway's configuration. The CVSSv3 score of 6.5 indicates medium severity, with high impact to integrity [2].

Mitigation

The vulnerability is fixed in OpenClaw version 2026.4.25. Until patched, operators should keep ownerAllowFrom allowlists explicit per channel, disable the affected feature if not needed, and maintain narrow channel and tool allowlists. Avoid sharing a single Gateway between mutually untrusted users as a general hardening measure [1].