CVE-2026-53811
🟡 Monitor
Privilege escalation in OpenClaw allows access to agents belonging to other Matrix identities.
CVSS
8.8
EPSS
0.3%
Exploit
none
Vendor
openclaw
Source description (NVD)
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration.
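The following is an added illustration of the pattern the description refers to; it is not OpenClaw's code, and the `allowFrom` entries, names and event fields are constructed samples. It shows an allow-list matcher that accepts a sender via mutable display-name metadata beside one that compares only the stable Matrix user ID (MXID), plus a small audit of policy entries that are not fully-qualified MXIDs.

```python
# Hypothetical illustration (not OpenClaw's code) of the class of bug described
# above: an allow-list policy that matches a Matrix sender through mutable
# display-name metadata instead of the stable Matrix user ID (MXID).
from dataclasses import dataclass


@dataclass(frozen=True)
class MatrixSender:
    """Identity data a bot sees on an incoming Matrix event (constructed sample)."""
    user_id: str       # stable MXID, e.g. "@alice:example.org"; not choosable by other users
    display_name: str  # mutable profile metadata; any account can set it to any string


def is_mxid(entry: str) -> bool:
    """True for a fully-qualified Matrix user ID of the form @localpart:server."""
    return entry.startswith("@") and ":" in entry[1:]


def match_allow_from_weak(policy: list[str], sender: MatrixSender) -> bool:
    """Vulnerable pattern: an entry matches if it equals EITHER the MXID OR the
    display name. Display names are user-controlled, so another account can
    match an entry that was meant for a different identity."""
    return any(entry in (sender.user_id, sender.display_name) for entry in policy)


def match_allow_from_strict(policy: list[str], sender: MatrixSender) -> bool:
    """Hardened pattern: only MXID entries are honoured and only the sender's
    MXID is compared; the display name is never consulted."""
    return sender.user_id in {e for e in policy if is_mxid(e)}


def find_ambiguous_policy_entries(policy: list[str]) -> list[str]:
    """Operator audit: entries that are not MXIDs can only ever match mutable
    metadata and should be replaced with the intended account's MXID."""
    return [e for e in policy if not is_mxid(e)]


# Constructed sample: the operator intends to grant agent access only to Alice.
POLICY = ["@alice:example.org"]
ALICE = MatrixSender("@alice:example.org", "alice")
# A different account has set its display name to the value listed in the policy.
OTHER_ACCOUNT = MatrixSender("@mallory:example.org", "@alice:example.org")


def evaluate() -> dict[str, bool]:
    return {
        "weak_alice": match_allow_from_weak(POLICY, ALICE),
        "weak_other": match_allow_from_weak(POLICY, OTHER_ACCOUNT),      # True: escalation
        "strict_alice": match_allow_from_strict(POLICY, ALICE),
        "strict_other": match_allow_from_strict(POLICY, OTHER_ACCOUNT),  # False
    }
```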
privilege-escalation
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.3% |
| Published (NVD) | 2026-06-11 21:16:23 UTC |
| Last modified (NVD) | 2026-06-12 19:32:22 UTC |
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-7hxm-f538-3xp6 (disclosure@vulncheck.com) [Mitigation, Vendor Advisory]
- https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-mutable-display-names-in-matrix-allowfrom (disclosure@vulncheck.com) [Third Party Advisory]