Authorization Bypass Vulnerability in OpenClaw QQBot by OpenClaw
CVE-2026-53834
8.2HIGH
What is CVE-2026-53834?
The OpenClaw product prior to the 2026.4.27 release contains a significant authorization bypass vulnerability affecting its QQBot feature. This flaw allows authenticated users to bypass the configured allowFrom policy checks when invoking slash commands. Consequently, this may enable attackers to execute commands without proper oversight, circumventing existing access control measures if the operator's configuration inadvertently permits such actions. Addressing this vulnerability is crucial to safeguarding against unauthorized command execution and ensuring the integrity of operational policies.
Affected Version(s)
OpenClaw 0 < 2026.4.27
OpenClaw 2026.4.27
