Authorization Bypass in OpenClaw Affects QQBot Streaming Command
CVE-2026-53833

7.4HIGH

Key Information:

Vendor

Openclaw

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-53833?

OpenClaw versions before 2026.4.29 display an authorization bypass vulnerability within the QQBot streaming command. This issue permits authenticated users to alter the QQBot streaming configuration without the necessary explicit allowFrom restrictions, enabling attackers to circumvent intended administrative policies and perform unauthorized modifications by accessing the affected command beyond the non-wildcard allowlist entry requirements.

Affected Version(s)

OpenClaw 0 < 2026.4.29

OpenClaw 2026.4.29

References

CVSS V4

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anshuman Bhartiya (@anshumanbh)
.