HIGH | CVE-2026-53811 | CNA: VulnCheck

CVE-2026-53811: OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration.

Metrics

  • CVSS v4.0: 7.7
  • Severity: HIGH
  • Fixed in: 2026.5.7
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A privilege escalation vulnerability exists in OpenClaw before version 2026.5.7, affecting the Matrix allowFrom feature. An authenticated attacker who can modify their display name can spoof another Matrix identity and match policy entries meant for a different account, gaining agent-level access that the operator did not intend to grant. Successful exploitation gives the attacker unauthorized permissions over resources protected by those policy entries. A patched-image rebuild at version 2026.5.7 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-53811 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that package OpenClaw. Any image with an OpenClaw version below 2026.5.7 is flagged automatically.

Status: Available

Triage

HarborGuard scores this CVE at 7.7 HIGH using the CVSS v4.0 vector and weights the finding against each customer environment's configured compliance policy. Routed alerts are delivered to the appropriate team inbox inside each customer organization based on policy-defined ownership rules.

Status: Available

Patch

A patched-image rebuild at OpenClaw 2026.5.7 becomes available on HarborGuard once the fix version is confirmed in the upstream advisory record. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the OpenClaw service over the network; the AV:N vector token indicates the vulnerable endpoint is exposed to network-accessible clients.

  • Authentication: Required

    A low-privilege authenticated account is sufficient; the attacker must be able to log in and modify their own display name, but no elevated or admin credentials are needed.

  • Victim interaction: Not required

    No victim action is needed; the attacker manipulates their own display name and the policy match occurs server-side without any user interaction.

  • Attack complexity: Detail

    Base exploit logic is straightforward (AC:L), but the AT:P token indicates a specific precondition must be met, namely that the operator has configured a Matrix allowFrom policy entry that relies on display name matching rather than a stable identity attribute.

Blast Radius

  • The attacker reads data accessible to the impersonated Matrix identity, including resources the legitimate account is authorized to view.
  • The attacker writes or modifies resources under the impersonated identity's agent permissions, depending on what the operator's policy grants.
  • The attacker can disrupt or terminate agent operations tied to the impersonated identity, causing service-level failures for workloads that depend on that agent access.
  • The scope of impact is bounded to the local OpenClaw instance (SC:N, SI:N, SA:N), so no lateral movement to adjacent systems is implied by this vector alone.

How HarborGuard Handles This

Available on HarborGuard: images containing OpenClaw versions below 2026.5.7 are flagged as HIGH severity within minutes of the CVE entering the upstream feed. Where compliance policy permits, HarborGuard can rebuild the affected image at version 2026.5.7 and open a pull request against the workloads running the vulnerable image; for environments with auto-remediation enabled, the median time from CVE publication to a merged patch PR for high-severity issues is around 90 minutes. Until a rebuild is deployed, operators should review and harden their Matrix allowFrom policy entries to avoid relying on mutable display name metadata as an identity signal, and consider network-policy controls that restrict which identities can reach the Matrix allowFrom endpoint. HarborGuard continues monitoring the advisory across ingest cycles to capture any follow-on patches or version corrections from the upstream maintainer.
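One way to carry out the allowFrom review recommended above, as an added example (not OpenClaw or HarborGuard code). It assumes the allowFrom entries have already been read into a list of strings and that an incoming event is a dict with `sender` and `displayname` keys; the function names and sample values are hypothetical.

```python
import re

# Matrix user ID: "@" localpart ":" server_name[:port], at most 255 characters.
MXID_RE = re.compile(
    r"^@[^\s:@]+:(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::\d{1,5})?$"
)


def is_stable_user_id(entry: str) -> bool:
    """True only for strings shaped like a full Matrix user ID."""
    return len(entry) <= 255 and MXID_RE.fullmatch(entry) is not None


def audit_allow_from(entries):
    """Return entries that are not user IDs, i.e. names an account could adopt."""
    return [e for e in entries if not is_stable_user_id(e.strip())]


def sender_allowed(event, allow_from):
    """Authorize on the event's sender ID only; the display name is never read."""
    trusted = {e.strip() for e in allow_from if is_stable_user_id(e.strip())}
    return event["sender"] in trusted


# Constructed sample policy and events (assumed shapes, not taken from OpenClaw).
POLICY = ["@alice:example.org", "Alice Ops", "alice"]
LEGIT = {"sender": "@alice:example.org", "displayname": "Alice Ops"}
RENAMED = {"sender": "@mallory:example.org", "displayname": "Alice Ops"}
# A display name can itself be set to a string that looks like a user ID.
LOOKALIKE = {"sender": "@mallory:example.org", "displayname": "@alice:example.org"}

if __name__ == "__main__":
    print("entries to replace with user IDs:", audit_allow_from(POLICY))
    for ev in (LEGIT, RENAMED, LOOKALIKE):
        print(ev["sender"], ev["displayname"], "->", sender_allowed(ev, POLICY))
```

Entries reported by `audit_allow_from` are the ones to rewrite as full user IDs before or alongside the upgrade to 2026.5.7.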


Fix available: 2026.5.7

Affected packages
  • OpenClaw / OpenClaw
    < 2026.5.7 (from 0)
    Fixed in 2026.5.7
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N