CVE-2026-53815: openclaw Message Read Action Channel Allowlist Bypass
A flaw in OpenClaw's message read action lets a lower-trust caller fetch messages from channels they are not supposed to access, bypassing the operator-configured channel allowlist.
The problem
OpenClaw versions up to and including 2026.5.19-beta.2 expose a message read action that skips the channel allowlist check applied during normal message delivery.
A caller with lower-trust access to that action can supply an arbitrary channel identifier and retrieve messages the operator never intended to expose. Impact is limited to confidentiality, but the exposed data is whatever the target channel contains.
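The pattern behind this class of flaw, as an added illustration that is not OpenClaw's code: one path (delivery) consults the operator allowlist, while a second path (the read action) takes a caller-supplied channel identifier straight to the store. The hardened form routes both paths through a single authorization gate and keeps a regression check that every non-allowlisted channel is unreadable. All names (`channelAllowlist`, `store`, `readMessagesUnchecked`, `readMessages`, `allowlistEnforcedForAll`) and the sample channels and messages are hypothetical and constructed here.

```javascript
// Added illustration, not OpenClaw's code. All identifiers below are
// hypothetical; the allowlist and message store are constructed sample data.

// Operator-configured channel allowlist (constructed).
const channelAllowlist = new Set(["general", "support"]);

// Message store keyed by channel id (constructed). "exec-private" is outside
// the allowlist and must never be reachable through a lower-trust caller.
const store = {
  general: ["welcome", "release notes posted"],
  support: ["ticket #12 opened"],
  "exec-private": ["quarterly numbers draft", "reorg proposal"],
};

// Single authorization gate shared by every path that touches channel data.
function isChannelAllowed(channel) {
  return channelAllowlist.has(channel);
}

// Delivery path: consults the allowlist before handing a message over.
function deliverMessage(channel, text) {
  if (!isChannelAllowed(channel)) {
    return { delivered: false, reason: "channel not in allowlist" };
  }
  return { delivered: true, channel, text };
}

// Vulnerable pattern: the read action trusts the caller-supplied channel id
// and never consults the allowlist that deliverMessage enforces.
function readMessagesUnchecked(channel) {
  return store[channel] ?? [];
}

class ChannelNotAllowedError extends Error {
  constructor(channel) {
    super(`channel "${channel}" is not in the operator allowlist`);
    this.name = "ChannelNotAllowedError";
  }
}

// Hardened pattern: the read action goes through the same gate as delivery,
// so an allowlist decision cannot be skipped by choosing a different action.
function readMessages(channel) {
  if (!isChannelAllowed(channel)) {
    throw new ChannelNotAllowedError(channel);
  }
  return store[channel] ?? [];
}

// Regression check worth keeping in a test suite: every channel present in the
// store but absent from the allowlist must be unreadable through the action.
function allowlistEnforcedForAll() {
  return Object.keys(store).every((channel) => {
    if (isChannelAllowed(channel)) return true;
    try {
      readMessages(channel);
      return false; // a read succeeded on a non-allowlisted channel: the gap is back
    } catch (e) {
      return e instanceof ChannelNotAllowedError;
    }
  });
}

// Stand-alone demonstration of the difference between the two read paths.
console.log("unchecked read of exec-private:", readMessagesUnchecked("exec-private"));
try {
  readMessages("exec-private");
} catch (e) {
  console.log("checked read of exec-private:", e.message);
}
console.log("allowlist enforced on every channel:", allowlistEnforcedForAll());
```

The point of the regression check is that it enumerates channels from the data store rather than from the allowlist, so any channel an operator intended to hide is exercised, not only the ones they remembered to list.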
The fix
Upgrade to openclaw 2026.5.19 or later via `npm install openclaw@latest`. As a short-term mitigation, restrict access to message read actions to trusted operators only and keep channel allowlists as narrow as possible. Avoid sharing one Gateway instance between mutually untrusted users, and disable the affected feature when it is not needed.
Reported by steipete.
Related research
- high · 8.8 · CVE-2026-53821: openclaw Trusted-Proxy WebSocket Scope Elevation
- high · 8.4 · CVE-2026-53814: openclaw Hook-Triggered CLI Privilege Escalation to Owner MCP Scope
- high · 8 · CVE-2026-35630: openclaw QQBot Native Approval Button Authorization Bypass
- high · 7.1 · CVE-2026-53831: openclaw system.run Safe-Bin Allowlist Bypass via Shell Expansion