Authorization Bypass in OpenClaw Affects QQBot Streaming Command
CVE-2026-53833
7.4HIGH
What is CVE-2026-53833?
OpenClaw versions before 2026.4.29 display an authorization bypass vulnerability within the QQBot streaming command. This issue permits authenticated users to alter the QQBot streaming configuration without the necessary explicit allowFrom restrictions, enabling attackers to circumvent intended administrative policies and perform unauthorized modifications by accessing the affected command beyond the non-wildcard allowlist entry requirements.
Affected Version(s)
OpenClaw 0 < 2026.4.29
OpenClaw 2026.4.29
