← voltar
CVE-2026-53837

OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers

CVSS 6.3 MEDIUMEPSS 0.2%CWE-636
OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted content.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/security/advisories/GHSA-gp79-m99v-gjmhhttps://www.vulncheck.com/advisories/openclaw-missing-channel-type-validation-in-mattermost-event-handlers