How is CVE-2026-53823 exploited?

Network reachability (required): The attacker must reach the OpenClaw service over the network to leverage the renamed Slack display name against the allowFrom policy check. Authentication (required): The attacker needs a low-privilege Slack account with permission to change display name metadata; no admin access is required. Victim interaction (not-required): No victim action is needed; the attacker autonomously changes their own display name to trigger the policy match. Attack complexity (info): The exploit is reliable and condition-free; no race conditions or special environmental factors are required to rename a Slack display name and satisfy the allowFrom check.

What is the impact of CVE-2026-53823?

Reads data and resources accessible to the impersonated agent identity, which may include sensitive pipeline outputs, credentials, or internal service responses (VC:H). Modifies data or triggers actions within the scope of the impersonated agent, such as altering workflow configurations or issuing commands on behalf of another user (VI:H). Service availability is not directly affected by this exploit (VA:N). Impact is contained to the vulnerable OpenClaw instance; no lateral scope expansion to external systems is indicated by the CVSS vector (SC:N, SI:N, SA:N).

Back to search

HIGHCVE-2026-53823Published 2026-06-12Modified 2026-06-15CNA VulnCheck

CVE-2026-53823: OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom

Q: What is CVE-2026-53823?

This is an authentication bypass leading to privilege escalation in OpenClaw, a product that uses Slack display names to gate access via its allowFrom feature. The vulnerability is reachable over the network and requires a low-privilege account (any Slack account with the ability to change display names). A successful attacker can impersonate another identity by renaming their Slack display name to match an allowFrom policy entry, gaining unauthorized agent access that was intended for a different user or role. A patched-image rebuild at version 2026.5.3 is available on HarborGuard for affected environments.

Q: How is CVE-2026-53823 fixed?

A patched-image rebuild at OpenClaw 2026.5.3 becomes available on HarborGuard once an affected image version is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads automatically.

OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other identities.

CVSS v4.0: 8.6
Severity: HIGH
Fixed in: 2026.5.3
Affected Products: 1

HarborGuard Analysis

Synopsis

This is an authentication bypass leading to privilege escalation in OpenClaw, a product that uses Slack display names to gate access via its allowFrom feature. The vulnerability is reachable over the network and requires a low-privilege account (any Slack account with the ability to change display names). A successful attacker can impersonate another identity by renaming their Slack display name to match an allowFrom policy entry, gaining unauthorized agent access that was intended for a different user or role. A patched-image rebuild at version 2026.5.3 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection of CVE-2026-53823 is available across every HarborGuard environment. Affected image versions are matched against customer registries and CI/CD pipelines within minutes of CVE publication, including custom-built images that bundle OpenClaw.

Available

Triage

HarborGuard scores this CVE at 8.6 HIGH using the CVSS v4.0 vector and can weight findings against each environment's compliance policy to determine priority routing. Triage results are surfaced to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

A patched-image rebuild at OpenClaw 2026.5.3 becomes available on HarborGuard once an affected image version is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityRequired
The attacker must reach the OpenClaw service over the network to leverage the renamed Slack display name against the allowFrom policy check.
AuthenticationRequired
The attacker needs a low-privilege Slack account with permission to change display name metadata; no admin access is required.
Victim interactionNot required
No victim action is needed; the attacker autonomously changes their own display name to trigger the policy match.
Attack complexityDetail
The exploit is reliable and condition-free; no race conditions or special environmental factors are required to rename a Slack display name and satisfy the allowFrom check.

Blast Radius

Reads data and resources accessible to the impersonated agent identity, which may include sensitive pipeline outputs, credentials, or internal service responses (VC:H).
Modifies data or triggers actions within the scope of the impersonated agent, such as altering workflow configurations or issuing commands on behalf of another user (VI:H).
Service availability is not directly affected by this exploit (VA:N).
Impact is contained to the vulnerable OpenClaw instance; no lateral scope expansion to external systems is indicated by the CVSS vector (SC:N, SI:N, SA:N).

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-53823 is active across all connected registries and pipelines, matching images against the affected OpenClaw version range (before 2026.5.3) within minutes of ingestion. For customers with auto-remediation enabled, HarborGuard can rebuild affected images at the fixed version 2026.5.3, run regression tests, and open a pull request against impacted workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and associated PR are staged and held for review. Until a patched image is deployed, consider applying network policy controls to restrict which identities can reach the OpenClaw allowFrom endpoint, and audit existing allowFrom policy entries against current Slack display name assignments to identify any that may already have been manipulated.

See how HarborGuard automates this

Fix available

2026.5.3

Affected packages

OpenClaw / OpenClaw
< 2026.5.3 (from 0)
Fixed in 2026.5.3

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available