OpenClaw before 2026.5.3 contains a privilege escalation...
High severity
Unreviewed
Published
Jun 13, 2026
to the GitHub Advisory Database
•
Updated Jun 13, 2026
Description
Published by the National Vulnerability Database
Jun 12, 2026
Published to the GitHub Advisory Database
Jun 13, 2026
Last updated
Jun 13, 2026
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other identities.
References