CVE-2026-53830— OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload
Possible ATT&CK Techniques 1AI
T1114 · Email CollectionGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53830
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation, potentially accepting previous credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的会话过期机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 会话机制问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw团队开源的一个智能人工助理。 OpenClaw 2026.4.22之前版本存在会话机制问题漏洞,该漏洞源于secrets.reload后旧Slack和Zalo webhook密钥未被正确撤销,可能导致攻击者在操作者预期吊销密钥后仍利用旧密钥窗口发送webhook事件,可能接受之前凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-53830
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53830
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-53830 (2)
Same Patch Batch · OpenClaw · 2026-06-12 · 20 CVEs total
| CVE-2026-53838 | 9.8 CRITICAL | OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection |
| CVE-2026-53822 | 8.8 HIGH | OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval an |
| CVE-2026-53836 | 8.8 HIGH | OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases |
| CVE-2026-53821 | 8.8 HIGH | OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket |
| CVE-2026-53828 | 8.8 HIGH | OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement |
| CVE-2026-53831 | 8.3 HIGH | OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allo |
| CVE-2026-53823 | 8.1 HIGH | OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom |
| CVE-2026-53829 | 8.0 HIGH | OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display |
| CVE-2026-53833 | 7.7 HIGH | QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command |
| CVE-2026-53832 | 7.7 HIGH | OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration |
| CVE-2026-53834 | 7.5 HIGH | OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands |
| CVE-2026-53820 | 6.6 MEDIUM | OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn |
| CVE-2026-53825 | 6.5 MEDIUM | OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write |
| CVE-2026-53824 | 6.5 MEDIUM | Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Revocation Lag via Monitor Refres |
| CVE-2026-53827 | 6.5 MEDIUM | OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.acti |
| CVE-2026-53839 | 6.5 MEDIUM | OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation |
| CVE-2026-53826 | 4.3 MEDIUM | OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn |
| CVE-2026-53835 | 4.3 MEDIUM | OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings |
| CVE-2026-53837 | 3.7 LOW | OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-53866
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Comm - CVE-2026-53865
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Works - CVE-2026-53864
OpenClaw < 2026.5.26 - Insufficient Environment Variable San - CVE-2026-53862
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pa - CVE-2026-53863
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in To
Same vendor: OpenClaw
- CVE-2026-53865
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Works - CVE-2026-53866
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Comm - CVE-2026-53864
OpenClaw < 2026.5.26 - Insufficient Environment Variable San - CVE-2026-53862
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pa - CVE-2026-53863
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in To
Same weakness: CWE-613
- CVE-2025-62340
HCL iControl was affected by Inadequate Session Timeout vuln - CVE-2026-53843
OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pair - CVE-2026-53776
Perry < 0.5.1166 JWT Expiration Bypass via verify_decode - CVE-2026-44188
Ansible-lightspeed: ansible lightspeed: session hijacking an - CVE-2026-53824
Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Rev
V. Comments for CVE-2026-53830
No comments yet