CVE-2026-53851

Sažetak

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.

Reference

https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8
https://www.vulncheck.com/advisories/openclaw-slack-reaction-event-notification-bypass

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

16-06-2026 - 20:42

Objavljeno

16-06-2026 - 19:17