CVE-2026-53837
Improper Access Control in OpenClaw Mattermost Integration

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: VulnCheck

Description
OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted content.
Affected Vendors & Products (2 associated CPEs)

Vendor      Product     Version / Range
openclaw    openclaw    up to 2026.5.6 (exclusive)
mattermost  mattermost  * (any version)
CWE

CWE-636 (Not Failing Securely, "Failing Open"): When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.6 and involves improper access control in Mattermost event handlers. Specifically, the handlers fail to validate the channel type metadata correctly. As a result, attackers can send specially crafted Mattermost events that omit channel type information, allowing them to bypass direct message (DM) policy restrictions and process content that should be restricted.
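The fail-open pattern described above, as an added illustration that is not OpenClaw's or Mattermost's code: a DM policy check whose direct-message branch is simply skipped when the event carries no channel type, next to a fail-closed version that rejects events with missing or unrecognised channel metadata. The event shape, the policy object and all function names are hypothetical; the channel type letters follow Mattermost's convention (D direct, G group, O public, P private).

```typescript
// Hypothetical, simplified shapes; not the real OpenClaw or Mattermost types.
type ChannelType = "D" | "G" | "O" | "P";

// channel_type is optional because a malformed event may omit it.
interface PostedEvent {
  user_id: string;
  channel_id: string;
  channel_type?: string;
  message: string;
}

// Hypothetical DM policy: DMs disabled entirely, or only listed senders allowed.
interface DmPolicy {
  mode: "disabled" | "allowlist";
  allowedSenders: Set<string>;
}

function isDirectLike(t: ChannelType): boolean {
  return t === "D" || t === "G";
}

// VULNERABLE shape (CWE-636, fails open): an absent channel_type matches
// neither DM branch, so the event falls through to the permissive default.
function shouldProcessVulnerable(ev: PostedEvent, policy: DmPolicy): boolean {
  if (ev.channel_type === "D" || ev.channel_type === "G") {
    if (policy.mode === "disabled") return false;
    return policy.allowedSenders.has(ev.user_id);
  }
  return true; // anything not recognised as a DM is processed
}

// HARDENED shape (fails closed): validate the metadata first, and only run
// the policy decision on a channel type the handler actually understands.
function shouldProcessHardened(ev: PostedEvent, policy: DmPolicy): boolean {
  const t = ev.channel_type;
  if (t !== "D" && t !== "G" && t !== "O" && t !== "P") {
    return false; // missing or unknown channel type: do not process
  }
  if (isDirectLike(t)) {
    if (policy.mode === "disabled") return false;
    return policy.allowedSenders.has(ev.user_id);
  }
  return true;
}
```

A detection-side corollary: events that arrive without a channel_type are worth logging and counting, since a legitimate Mattermost post event always carries one.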

Impact Analysis

The impact of this vulnerability is that unauthorized users may bypass the intended direct message policies and have restricted content processed by the OpenClaw Mattermost integration. This could lead to exposure of sensitive information or unauthorized actions within the communication platform.
