| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|

No public POC found.

| CVE ID | CVSS Score | Title |
|---|---|---|
| CVE-2026-53838 | 9.8 CRITICAL | OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection |
| CVE-2026-53822 | 8.8 HIGH | OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval an |
| CVE-2026-53836 | 8.8 HIGH | OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases |
| CVE-2026-53821 | 8.8 HIGH | OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket |
| CVE-2026-53828 | 8.8 HIGH | OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement |
| CVE-2026-53831 | 8.3 HIGH | OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allo |
| CVE-2026-53823 | 8.1 HIGH | OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom |
| CVE-2026-53829 | 8.0 HIGH | OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display |
| CVE-2026-53833 | 7.7 HIGH | QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command |
| CVE-2026-53832 | 7.7 HIGH | OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration |
| CVE-2026-53820 | 6.6 MEDIUM | OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn |
| CVE-2026-53827 | 6.5 MEDIUM | OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.acti |
| CVE-2026-53825 | 6.5 MEDIUM | OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write |
| CVE-2026-53824 | 6.5 MEDIUM | Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Revocation Lag via Monitor Refres |
| CVE-2026-53830 | 6.5 MEDIUM | OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload |
| CVE-2026-53839 | 6.5 MEDIUM | OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation |
| CVE-2026-53826 | 4.3 MEDIUM | OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn |
| CVE-2026-53835 | 4.3 MEDIUM | OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings |
| CVE-2026-53837 | 3.7 LOW | OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers |