CVE-2026-53851

EUVD-2026-37153
OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
openclawopenclaw
𝑥
< 2026.5.12
CNA
Common Weakness Enumeration
References
https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8
https://www.vulncheck.com/advisories/openclaw-slack-reaction-event-notification-bypass