CVE-2026-53807: OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom

Synopsis

An authorization bypass vulnerability exists in OpenClaw, a Telegram bot framework, affecting all versions before 2026.5.6. The flaw is reachable over the network and requires a low-privilege account; an attacker sends crafted Telegram interactive callbacks that mark themselves as an authorized sender before the commands.allowFrom allowlist check runs. Successful exploitation lets the attacker invoke any restricted command as if they were a permitted sender, enabling full read, write, and availability impact on the affected service. A patched-image rebuild at version 2026.5.6 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityRequired

  The attacker must reach the OpenClaw service over the network to deliver crafted Telegram callback payloads.

• AuthenticationRequired

  A low-privilege Telegram account is sufficient; no admin or elevated credentials are needed, but some account access is required.

• Victim interactionNot required

  No victim action is needed; the attacker sends the crafted callback directly without any social-engineering step.

• Attack complexityDetail

  Base exploit logic is condition-free and reliable, though the AT:P token indicates that specific deployment conditions (such as particular allowFrom configurations) must be present for the bypass to succeed.

Blast Radius

• Reads any data the Telegram bot has access to, including stored messages, user records, and connected service credentials.
• Modifies bot state and persisted configuration by invoking write-capable commands outside the intended allowlist.
• Triggers command handlers that can disrupt or crash the affected OpenClaw service process.
• Bypasses operator-defined sender restrictions entirely, effectively nullifying the commands.allowFrom access control for the attacker's session.