Severity: HIGH | CVE-2026-53815 | Published / Modified | CNA: VulnCheck

CVE-2026-53815: OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing sensitive channel messages.

Metrics

  • CVSS v4.0: 7.1
  • Severity: HIGH
  • Fixed in: 2026.5.19
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An authorization bypass vulnerability in OpenClaw before version 2026.5.19 allows authenticated low-privilege users to read messages from channels they are not permitted to access, bypassing the channel allowlist check in message read actions. The flaw is reachable over the network and requires only a low-privilege account, with no victim interaction needed. Successful exploitation exposes sensitive channel messages to unauthorized callers. A patched-image rebuild at version 2026.5.19 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that package OpenClaw.

Triage (Available)

HarborGuard is capable of scoring this finding at CVSS 7.1 (High) and weighting it against each environment's compliance policy, then routing the alert to the appropriate team inbox within the customer organization.

Patch (Available)

A patched-image rebuild at OpenClaw 2026.5.19 is available on HarborGuard for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The vulnerable message read endpoint is exposed over the network, so an attacker must be able to reach the service remotely to send crafted requests.

  • Authentication: Required

    A low-privilege account is sufficient; the attacker does not need administrative credentials, but some valid account is required to invoke the message read actions.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker sends requests directly to the service without any social-engineering step.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental setup beyond holding a valid low-privilege account.

Blast Radius

  • Reads messages from channels the attacker's account is not authorized to access, including any sensitive content those channels contain.
  • Bypasses the channel allowlist control entirely, so the scope of readable messages is bounded only by what exists in OpenClaw, not by the intended permission model.
  • Confidentiality of stored channel communications is fully compromised; integrity and availability of data are not affected by this vulnerability.
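The bug class described in the Synopsis and Blast Radius above is an authorization check that exists for some channel-scoped actions but is skipped by the message read action. The following is an added illustration in Python, not OpenClaw's code and not HarborGuard's; every name (Caller, Channel, MessageService, is_channel_allowed, the sample channels and users) is a constructed assumption. It places the unchecked read beside the hardened one, routes both through a single allowlist decision, and records denied attempts so the pattern is visible in logs.

```python
from dataclasses import dataclass, field

# Constructed, hypothetical model of a chat service with per-caller channel
# allowlists. None of these names come from OpenClaw; they are assumptions
# used to illustrate the class of bug the advisory describes.


@dataclass(frozen=True)
class Caller:
    user_id: str
    role: str                       # "admin" or "member"
    allowed_channels: frozenset     # channel ids this caller may read


@dataclass
class Channel:
    channel_id: str
    messages: list = field(default_factory=list)


class AuthorizationError(PermissionError):
    """Raised when a caller is not on a channel's allowlist."""


def is_channel_allowed(caller: Caller, channel_id: str) -> bool:
    """Single allowlist decision shared by every channel-scoped action."""
    return caller.role == "admin" or channel_id in caller.allowed_channels


class MessageService:
    def __init__(self, channels):
        self._channels = {c.channel_id: c for c in channels}
        self.audit_log = []             # denied attempts, for detection

    def _channel(self, channel_id: str) -> Channel:
        if channel_id not in self._channels:
            raise KeyError(f"unknown channel {channel_id!r}")
        return self._channels[channel_id]

    def list_channels(self, caller: Caller) -> list:
        """Listing enforces the allowlist, as the permission model intends."""
        return sorted(
            cid for cid in self._channels if is_channel_allowed(caller, cid)
        )

    def read_messages_unchecked(self, caller: Caller, channel_id: str) -> list:
        """Vulnerable pattern: the caller is authenticated (we hold a Caller
        object) but the read action never consults the allowlist, so any
        valid account can read any channel it can name."""
        return list(self._channel(channel_id).messages)

    def read_messages(self, caller: Caller, channel_id: str) -> list:
        """Fixed pattern: the read action applies the same allowlist decision
        as listing, and denied attempts are logged for detection."""
        if not is_channel_allowed(caller, channel_id):
            self.audit_log.append(
                {"event": "channel_read_denied",
                 "user": caller.user_id, "channel": channel_id}
            )
            raise AuthorizationError(
                f"{caller.user_id} is not allowed to read {channel_id}"
            )
        return list(self._channel(channel_id).messages)


def build_sample_service() -> MessageService:
    """Constructed sample data for the demonstration."""
    return MessageService([
        Channel("general", ["welcome everyone"]),
        Channel("finance-private", ["Q3 payroll file attached"]),
    ])


def demo():
    """Returns (unchecked_read, checked_read_denied, audit_event_count)."""
    svc = build_sample_service()
    member = Caller("alice", "member", frozenset({"general"}))
    leaked = svc.read_messages_unchecked(member, "finance-private")
    try:
        svc.read_messages(member, "finance-private")
        denied = False
    except AuthorizationError:
        denied = True
    return leaked, denied, len(svc.audit_log)


if __name__ == "__main__":
    print(demo())
```

The design point is that the allowlist decision lives in one function that every channel-scoped action must call; a regression test that asserts `read_messages` raises for a non-allowlisted member, while `read_messages_unchecked` does not, is the kind of test that would have caught the skipped check before release.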

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-53815 is active across all scanning environments, matching any image that packages OpenClaw below version 2026.5.19. A rebuild at the fixed version is available immediately for affected environments. For customers who opt into auto-remediation, HarborGuard can trigger a patched rebuild, execute regression tests, and open a pull request against affected workloads; for high-severity issues like this one, median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual review before deployment, HarborGuard routes the finding and the candidate patched image to the designated team inbox for approval.


Fix available: 2026.5.19

Affected packages
  • OpenClaw / OpenClaw: < 2026.5.19 (from 0); fixed in 2026.5.19

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
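The Exploit Conditions and Blast Radius sections above are derived from the base metrics in this CVSS v4.0 vector. The following is an added Python example, not part of the HarborGuard record and not a HarborGuard tool; it parses a v4.0 vector string into its base metrics, rejects malformed or non-4.0 input, and maps the metrics onto the same reachability, authentication, interaction, complexity and impact attributes the record lists. The valid metric values come from the CVSS v4.0 specification; the parser deliberately handles base metrics only and raises on threat, environmental or supplemental metrics rather than silently ignoring them.

```python
# Valid values for the CVSS v4.0 base metrics (per the CVSS v4.0 spec).
# Added example for triage automation; not OpenClaw or HarborGuard code.
CVSS4_BASE_METRICS = {
    "AV": {"N", "A", "L", "P"},   # Attack Vector
    "AC": {"L", "H"},             # Attack Complexity
    "AT": {"N", "P"},             # Attack Requirements
    "PR": {"N", "L", "H"},        # Privileges Required
    "UI": {"N", "P", "A"},        # User Interaction
    "VC": {"H", "L", "N"},        # Vulnerable system Confidentiality
    "VI": {"H", "L", "N"},        # Vulnerable system Integrity
    "VA": {"H", "L", "N"},        # Vulnerable system Availability
    "SC": {"H", "L", "N"},        # Subsequent system Confidentiality
    "SI": {"H", "L", "N"},        # Subsequent system Integrity
    "SA": {"H", "L", "N"},        # Subsequent system Availability
}


def parse_cvss4(vector: str) -> dict:
    """Parse a CVSS v4.0 vector string into {metric: value} for base metrics.

    Raises ValueError for a wrong version prefix, malformed components,
    duplicate or unknown metrics, invalid values, or missing base metrics.
    """
    parts = vector.strip().split("/")
    if parts[0] != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {parts[0]!r}")
    metrics = {}
    for part in parts[1:]:
        if part.count(":") != 1:
            raise ValueError(f"malformed component {part!r}")
        name, value = part.split(":")
        if name in metrics:
            raise ValueError(f"duplicate metric {name}")
        if name not in CVSS4_BASE_METRICS:
            raise ValueError(f"unsupported (non-base) metric {name}")
        if value not in CVSS4_BASE_METRICS[name]:
            raise ValueError(f"invalid value {value!r} for {name}")
        metrics[name] = value
    missing = sorted(set(CVSS4_BASE_METRICS) - set(metrics))
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics


def exploit_conditions(metrics: dict) -> dict:
    """Map base metrics onto the attributes a triage record typically shows."""
    return {
        # AV:N (and AV:A) mean the attacker must reach the service over a network.
        "network_reachability": "Required" if metrics["AV"] in {"N", "A"} else "Not required",
        # PR:L or PR:H means some valid account is needed.
        "authentication": "Required" if metrics["PR"] != "N" else "Not required",
        # UI:P or UI:A means a victim must act; UI:N means none.
        "victim_interaction": "Required" if metrics["UI"] != "N" else "Not required",
        # Low complexity only when no special conditions (AC:L) and no
        # attack requirements (AT:N) apply.
        "attack_complexity": "Low" if metrics["AC"] == "L" and metrics["AT"] == "N" else "High",
        "impact": {
            "confidentiality": metrics["VC"],
            "integrity": metrics["VI"],
            "availability": metrics["VA"],
        },
    }


if __name__ == "__main__":
    record_vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
    print(exploit_conditions(parse_cvss4(record_vector)))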