CVE ID :CVE-2026-53857 Published : June 16, 2026, 6:05 p.m. | 1 hour, 3 minutes ago Description :OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-53857 - OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy

VERWANDTEARTIKEL

CVE-2026-53866 - OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing

CVE-2026-53864 - OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables

CVE-2026-53855 - OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks

CVE-2026-53853 - OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS

CVE-2026-53849 - OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom

CVE-2026-53843 - OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session