CVE-2026-53851

OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass

CVSS 6.3 MEDIUMEPSS 0.2%CWE-862

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

16 jun 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8 https://www.vulncheck.com/advisories/openclaw-slack-reaction-event-notification-bypass