Severity by source
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable unauthenticated flaw requiring crafted event delivery (AC:H); impact is limited to low integrity bypass with no confidentiality or availability effect.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Blast Radius
ecosystem impact- 1 npm packages depend on openclaw (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.5.6.
DescriptionCVE.org
OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted content.
AnalysisAI
Improper access control in OpenClaw's Mattermost event handler integration allows remote unauthenticated attackers to bypass direct message (DM) policy enforcement by submitting crafted Mattermost events that deliberately omit channel type metadata. All OpenClaw versions prior to 2026.5.6 are affected. No public exploit or active exploitation has been identified at time of analysis, but the network-accessible and unauthenticated nature of the flaw (PR:N per CVSS 4.0) makes it actionable for deployments that rely on DM policies as a meaningful access control boundary.
Technical ContextAI
OpenClaw (CPE: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*) integrates with Mattermost's event-driven messaging platform, processing incoming Mattermost events including those governing direct message channel access. The root cause is CWE-636 ('Not Failing Securely - Fail Open'): when an event arrives with the channel_type metadata field absent, the handler does not reject or quarantine the malformed event. Instead, it processes the event without applying the intended DM policy logic, defaulting to permissive behavior. This is a classic fail-open security defect where missing input is treated as a permitted state rather than an error requiring denial. The CVSS 4.0 AT:P metric confirms that specific attack prerequisites - namely, the ability to send Mattermost events with crafted missing fields - must be in place for exploitation.
RemediationAI
The primary fix is to upgrade OpenClaw to version 2026.5.6 or later, which resolves the missing channel_type validation in the Mattermost event handler. The vendor advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-gp79-m99v-gjmh should be consulted for upgrade instructions. If immediate patching is not feasible, restrict network-level access to OpenClaw's Mattermost event handler endpoints so that only traffic originating from the trusted Mattermost server is accepted - this reduces the attack surface by preventing arbitrary external parties from delivering crafted events, though it does not eliminate risk from compromised Mattermost integration tokens. Additionally, enabling application-level logging for malformed or incomplete Mattermost events (those missing channel_type fields) can serve as a detection control to identify exploitation attempts while a patch is being deployed.
More in Mattermost
View allDenial of service in linkify-it (npm) through v5.0.0 lets remote unauthenticated attackers wedge a rendering worker by s
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large auto
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded w
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perf
Fleet is an open source osquery manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invit
Dex is a federated OpenID Connect provider written in Go. Rated critical severity (CVSS 9.6), this vulnerability is remo
Improper output escaping in NousResearch Hermes Agent versions up to 2026.4.16 allows remote unauthenticated attackers t
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, wh
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker posse
Privilege escalation in Mattermost server (11.6.x, 11.5.x, and 10.11.x branches) allows a low-privileged user holding gr
Authorization bypass in Mattermost Plugin Legal Hold versions <=1.1.4 allows authenticated attackers to manipulate legal
Same weakness CWE-636 – Not Failing Securely ('Failing Open')
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36625
GHSA-chqm-wxm2-w73w