HarborGuard Database | CVE-2026-53833 | Severity: HIGH | CNA: VulnCheck

CVE-2026-53833: QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching the affected command without non-wildcard allowlist entry requirements.

Metrics

CVSS v4.0: 7.4
Severity: HIGH
Fixed in: 2026.4.29
Affected Products: 1


HarborGuard Analysis

Synopsis

This is an authorization bypass vulnerability in the QQBot streaming command handler of OpenClaw, a self-hosted bot framework. An attacker with an existing local presence on the host (no network access required) and no special privileges can invoke the affected streaming command and mutate QQBot configuration without passing through the intended admin allowlist restrictions. Successful exploitation lets the attacker overwrite streaming configuration settings outside of authorized admin policy, potentially redirecting or corrupting bot behavior. A patched-image rebuild at version 2026.4.29 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-53833 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds (including VulnCheck) within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle OpenClaw.

Triage: Available

HarborGuard scores this CVE at 7.4 HIGH (CVSS v4.0) and surfaces it with per-environment compliance policy weighting, so teams with stricter configuration-integrity requirements receive appropriately elevated priority. Triage results are routed to the inbox or ticketing integration configured for each customer organization.

Patch: Available

A patched-image rebuild at OpenClaw 2026.4.29 becomes available in HarborGuard the moment the fix version is confirmed against the upstream release. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs the configured regression suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required

    The CVSS vector specifies AV:L, meaning the attacker needs an existing shell or process on the host rather than any network path to the service.

  • Authentication: Not required

    PR:N indicates no account or credential is required to invoke the vulnerable streaming command, though the description notes the attacker is an authenticated sender in the bot context.

  • Victim interaction: Not required

    UI:N confirms that no user action, click, or social-engineering step is needed to trigger the authorization bypass.

  • Attack complexity: Low, with a precondition

    AC:L means the exploit is straightforward and repeatable, but AT:P indicates a specific target condition or configuration state must be present for the attack to succeed.

Blast Radius

  • The attacker overwrites QQBot streaming configuration settings, bypassing the intended allowFrom admin allowlist entirely.
  • Modified configuration can redirect or alter streaming behavior outside of administrator-defined policy, affecting how the bot processes or forwards data.
  • Confidential values stored in streaming configuration (such as endpoint URLs or access tokens) may be replaced with attacker-controlled values.
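Added illustration of the allowlist distinction this advisory describes (the vulnerability description and the Blast Radius list above): a chat-level allowlist that treats a wildcard entry as sufficient, beside a configuration-mutation check that requires an explicit, non-wildcard allowFrom entry naming the sender. This is example code written for this page, not OpenClaw's code; the config shape, the meaning of a `"*"` entry, and the handler and function names are assumptions.

```typescript
// Added example (not OpenClaw's own code). The QQBotConfig shape, the "*"
// wildcard semantics and handleStreamingCommand are assumptions made here.

type SenderId = string;

interface QQBotConfig {
  // Sender identifiers permitted to talk to the bot. A "*" entry is assumed
  // to be a wildcard that admits any sender to chat.
  allowFrom: SenderId[];
  streaming: { enabled: boolean; endpoint: string };
}

interface StreamingCommand {
  sender: SenderId;
  enabled: boolean;
  endpoint: string;
}

type Authorizer = (cfg: QQBotConfig, sender: SenderId) => boolean;

// Weak check: being admitted to chat (even only via the wildcard) is treated
// as sufficient to change configuration. This is the bypass class described.
const allowedToChat: Authorizer = (cfg, sender) =>
  cfg.allowFrom.includes("*") || cfg.allowFrom.includes(sender);

// Hardened check: configuration mutation requires an explicit, non-wildcard
// allowFrom entry naming this sender; "*" on its own never grants it.
const explicitlyAllowed: Authorizer = (cfg, sender) =>
  cfg.allowFrom.some((entry) => entry !== "*" && entry === sender);

interface CommandResult {
  cfg: QQBotConfig; // configuration after the command (unchanged on deny)
  audit: string;    // one audit line a defender can forward to a SIEM
}

// Applies a streaming command under the given authorizer. The input
// configuration is never mutated; a new object is returned on allow.
function handleStreamingCommand(
  cfg: QQBotConfig,
  cmd: StreamingCommand,
  authorize: Authorizer,
): CommandResult {
  if (!authorize(cfg, cmd.sender)) {
    return {
      cfg,
      audit: `deny sender=${cmd.sender} cmd=streaming reason=authorizer-denied`,
    };
  }
  const next: QQBotConfig = {
    ...cfg,
    streaming: { enabled: cmd.enabled, endpoint: cmd.endpoint },
  };
  return {
    cfg: next,
    audit: `allow sender=${cmd.sender} cmd=streaming endpoint=${cmd.endpoint}`,
  };
}

// Constructed sample configuration: a wildcard plus one explicit admin entry.
const sampleConfig: QQBotConfig = {
  allowFrom: ["*", "admin-1"],
  streaming: { enabled: false, endpoint: "https://stream.example.invalid/ok" },
};

// Constructed sample command from a sender who is not explicitly listed.
const sampleCommand: StreamingCommand = {
  sender: "random-user",
  enabled: true,
  endpoint: "https://stream.example.invalid/changed",
};

// Runs the same command through both authorizers so the difference is visible.
function demo(): { weak: CommandResult; hardened: CommandResult } {
  return {
    weak: handleStreamingCommand(sampleConfig, sampleCommand, allowedToChat),
    hardened: handleStreamingCommand(sampleConfig, sampleCommand, explicitlyAllowed),
  };
}

const outcome = demo();
console.log(outcome.weak.audit);     // the weak check lets the endpoint be replaced
console.log(outcome.hardened.audit); // the hardened check denies and leaves config intact
```

The audit line on the deny path is the detection hook: a sender repeatedly hitting a configuration-mutating command without an explicit allowFrom entry is exactly the pattern the Blast Radius list above warns about, and it is visible only if the handler records the denial rather than silently returning.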

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-53833 is active across connected registries and pipelines, matching any image that bundles a vulnerable version of OpenClaw (before 2026.4.29). For customers who opt into auto-remediation, HarborGuard generates a rebuilt image at the patched version, runs the configured regression tests, and opens a pull request against affected workloads. For high-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit automatic remediation, HarborGuard flags the affected images in the triage queue for manual review. Because the attack vector is local (AV:L), customers who cannot immediately apply the patch can apply compensating controls: restrict shell and process access on hosts running OpenClaw, and audit which identities can invoke QQBot streaming commands directly.


Fix available: 2026.4.29

Affected packages
  • OpenClaw / OpenClaw: < 2026.4.29 (from 0); fixed in 2026.4.29

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N