CVE-2026-53857: OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy

Synopsis

This is a policy enforcement vulnerability in OpenClaw, affecting versions before 2026.5.3. An authenticated attacker over the network can manipulate a mutable Zalo contact display name to match an allowFrom policy entry, causing the system to treat them as a trusted identity. Successful exploitation lets the attacker receive agent responses intended for a different Zalo identity, disclosing sensitive message content and enabling unauthorized message injection. A patched-image rebuild at version 2026.5.3 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityRequired

  The vulnerable OpenClaw service must be reachable over the network; the attacker sends crafted requests from a remote host.

• AuthenticationRequired

  The attacker must hold a low-privilege account (a valid Zalo contact identity) sufficient to trigger the allowFrom policy matching logic.

• Victim interactionNot required

  No victim action is needed; the attacker manipulates their own display name and the policy matching occurs server-side without any user interaction.

• Attack complexityDetail

  Attack complexity is low; the exploit requires no race conditions or special environmental conditions, only a deliberate display name change to match a policy entry.

Blast Radius

• The attacker reads agent response messages intended for a different, legitimate Zalo identity, disclosing potentially sensitive conversation content.
• The attacker receives authorized agent replies as if they were a trusted identity, effectively impersonating that identity within the Zalo integration.
• Confidentiality and integrity of the affected Zalo channel are both compromised; the legitimate identity may be silently denied responses that were redirected to the attacker.