Severity: high · 6.5 · CVE-2026-53815 · Jul 2, 2026

CVE-2026-53815: openclaw Message Read Action Channel Allowlist Bypass

Pranav Khune
Penetration Testing Team Lead, SecureLayer7

A flaw in OpenClaw's message read action lets a lower-trust caller fetch messages from channels they are not supposed to access, bypassing the operator-configured channel allowlist.

Package: openclaw
Ecosystem: npm
Affected: <= 2026.5.19-beta.2
Fixed in: 2026.5.19

The problem

OpenClaw versions up to and including 2026.5.19-beta.2 expose a message read action that skips the channel allowlist check applied during normal message delivery.

A caller with lower-trust access to that action can supply an arbitrary channel identifier and retrieve messages the operator never intended to expose. Impact is limited to confidentiality, but the exposed data is whatever the target channel contains.
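The defect class described above, as an added illustration that is not OpenClaw's code: a hypothetical channel store in which the delivery path enforces the operator's channel allowlist while the read path reaches the store directly, beside a hardened read that routes through the same guard. All function names, the allowlist and the channel contents are constructed for this example.

```javascript
// Constructed sample data: the operator allows only "support";
// "finance" exists in the store but is not on the allowlist.
const CHANNEL_ALLOWLIST = ["support"];
const CHANNELS = {
  support: ["ticket #12 resolved"],
  finance: ["Q3 payroll file uploaded"],
};

// Single authorization decision point, deny by default: a missing or
// non-string channel id is refused, and an empty allowlist permits nothing.
function isChannelAllowed(allowlist, channelId) {
  if (typeof channelId !== "string" || channelId.length === 0) return false;
  return allowlist.includes(channelId);
}

// Vulnerable shape, part 1: the delivery (send) path checks the allowlist.
function sendMessageVulnerable(channelId, text) {
  if (!isChannelAllowed(CHANNEL_ALLOWLIST, channelId)) {
    return { ok: false, error: "channel not allowed" };
  }
  CHANNELS[channelId].push(text);
  return { ok: true };
}

// Vulnerable shape, part 2: the read path never consults the allowlist, so
// any caller who can invoke it may name any channel and receive its contents.
// This is the pattern the advisory describes (a check applied on one action
// path but skipped on another).
function readMessagesVulnerable(channelId) {
  return { ok: true, messages: CHANNELS[channelId] ?? [] };
}

// Hardened shape: every channel-scoped action passes through the same guard,
// and the denial does not reveal whether the channel exists at all.
function readMessagesHardened(channelId) {
  if (!isChannelAllowed(CHANNEL_ALLOWLIST, channelId)) {
    return { ok: false, error: "channel not allowed" };
  }
  // Return a copy so callers cannot mutate the store through the result.
  return { ok: true, messages: [...(CHANNELS[channelId] ?? [])] };
}
```

A quick regression check for this class of bug is to call every channel-scoped action with a channel that is absent from the allowlist and assert that each one is refused, not just the delivery path.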

The fix

Upgrade to openclaw 2026.5.19 or later via `npm install openclaw@latest`. As a short-term mitigation, restrict access to message read actions to trusted operators only and keep channel allowlists as narrow as possible. Avoid sharing one Gateway instance between mutually untrusted users, and disable the affected feature when it is not needed.

Reported by steipete.

