What is CVE-2026-53860?

CVE-2026-53860 is a medium-severity vulnerability in Openclaw, classified under CWE-807. CVSS score: 4.2/10. Published 2026-06-16.

How severe is CVE-2026-53860?

Medium severity. CVSS v3 base score is 4.2 out of 10.

Auth bypass in Openclaw

CVE-2026-53860

OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversatio…

CVSS v3 metric

CVSS v3 base score 4.2 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Openclaw — versions 0, 2026.5.7

Weakness classification (CWE)

CWE-807
CWE-863 — Incorrect Authorization

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-53860?: CVE-2026-53860 is a medium-severity vulnerability in Openclaw, classified under CWE-807. CVSS score: 4.2/10. Published 2026-06-16.
How severe is CVE-2026-53860?: Medium severity. CVSS v3 base score is 4.2 out of 10.