Skip to main content

OpenClaw EUVDEUVD-2026-36621

| CVE-2026-53833 HIGH
Authentication Bypass by Spoofing (CWE-290)
2026-06-12 VulnCheck GHSA-r27j-fxmq-rg2q
7.4
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
7.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Attacker must reach the bot's local command channel as an authenticated QQ sender (AV:L, PR:L); exploitation depends on a permissive allowFrom configuration (AC:H); availability is unaffected.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 13, 2026 - 02:00 EUVD
Analysis Generated
Jun 12, 2026 - 22:35 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.4.29.

DescriptionCVE.org

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching the affected command without non-wildcard allowlist entry requirements.

AnalysisAI

Authorization bypass in OpenClaw versions prior to 2026.4.29 allows authenticated QQBot senders to modify streaming configuration without satisfying the intended allowFrom allowlist policy, when those entries lack non-wildcard restrictions. The flaw stems from missing identity verification on the QQBot streaming command path (CWE-290) and was reported by VulnCheck; no public exploit identified at time of analysis.

Technical ContextAI

OpenClaw integrates a QQBot streaming command handler that is expected to be gated by an allowFrom policy specifying which QQ identities may invoke configuration-mutating actions. The root cause is CWE-290 (Authentication Bypass by Spoofing): the streaming command dispatcher accepts senders whose identity matches only wildcard or absent allowlist entries, effectively skipping the explicit per-sender authorization check. The affected component is identified in NVD CPE data as cpe:2.3:a:qqbot:qqbot:*:*:*:*:*:*:*:* under the OpenClaw project, indicating the QQBot adapter module is the vulnerable surface rather than core OpenClaw routing logic.

RemediationAI

Upgrade OpenClaw to version 2026.4.29 or later, which enforces non-wildcard allowFrom checks on the QQBot streaming command (see GHSA-jvm4-4j77-39p6). Until the patch can be deployed, audit every QQBot allowFrom configuration and replace any wildcard (*) or absent entries with explicit QQ identifiers for authorized administrators, accepting the side effect that legitimate but unlisted senders will lose access to streaming commands. As an additional compensating control, restrict the QQBot adapter's network reachability so only the intended bot framework process can deliver commands to the OpenClaw endpoint, which prevents external command injection at the cost of breaking any out-of-band integrations.

Share

EUVD-2026-36621 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy