← volver
CVE-2026-53837

OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers

CVSS 6.3 MEDIUMEPSS 0.2%CWE-636
OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted content.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
OpenClaw · OpenClaw

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/openclaw/openclaw/security/advisories/GHSA-gp79-m99v-gjmhhttps://www.vulncheck.com/advisories/openclaw-missing-channel-type-validation-in-mattermost-event-handlers