Severity: high
Jul 2, 2026

CVE-2026-53833: OpenClaw QQBot Incorrect Authorization on /bot-streaming Command

Shubham Kandhare
Security Engagement Manager, SecureLayer7

Any QQBot sender could invoke the /bot-streaming admin command and change OpenClaw streaming configuration, even without being on an explicit trusted-sender allowlist.

Package: openclaw
Ecosystem: npm
Affected: <= 2026.4.27
Fixed in: 2026.4.29

The problem

OpenClaw's QQBot channel exposes a set of admin slash commands, including /bot-streaming, that are supposed to be restricted to senders explicitly named in the allowFrom config (non-wildcard entries only).

Before version 2026.4.29, the /bot-streaming command skipped that check. Any QQBot sender who could reach the command, including those matched only by a wildcard allowFrom: ["*"], could invoke it and mutate the streaming configuration without operator approval.

Proof of concept

A working proof of concept for this issue in openclaw is the exact payload shown below, sent as an ordinary QQBot message.

```text
/bot-streaming
```

The other QQBot admin commands (/bot-upgrade, /bot-logs, /bot-approve, etc.) already required an explicit non-wildcard allowFrom entry before this CVE. The /bot-streaming handler was missing that same guard, a classic case of CWE-863 (Incorrect Authorization) where one code path in a set of related commands does not inherit the access control logic applied to its siblings.

The patch in 2026.4.29 aligned /bot-streaming with the rest of the admin command registry: the sender's openid must appear in a named allowFrom entry. A wildcard ["*"] still permits normal chat but no longer grants access to any admin command, including /bot-streaming.
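To make the authorization rule concrete, the following is an added example (not OpenClaw's own code) of a single gate that every QQBot admin command passes through, so no handler can skip the allowFrom check its siblings use. The command names come from this advisory; the function names, the message shape ({ openid, text }) and the config shape ({ allowFrom }) are assumptions.

```javascript
// Hypothetical dispatcher, not OpenClaw's implementation. It enforces the rule the
// 2026.4.29 patch describes: wildcard "*" permits chat only, and every admin
// command requires the sender's openid to appear as a literal allowFrom entry.

const ADMIN_COMMANDS = new Set([
  "/bot-streaming", "/bot-upgrade", "/bot-logs", "/bot-approve",
]);

// True only when openid is a literal, non-wildcard allowFrom entry.
// A missing or malformed allowFrom denies everything.
function isExplicitlyAllowed(openid, allowFrom) {
  if (!Array.isArray(allowFrom)) return false;
  return allowFrom.some((entry) => entry !== "*" && entry === openid);
}

// Chat is permitted by an explicit entry or by the wildcard.
function isChatAllowed(openid, allowFrom) {
  if (!Array.isArray(allowFrom)) return false;
  return allowFrom.includes("*") || isExplicitlyAllowed(openid, allowFrom);
}

// One gate for all admin commands. Before the fix, /bot-streaming had its own
// code path that omitted the explicit-entry check; routing every admin command
// through this function is what prevents that class of omission.
function dispatch(message, config, handlers) {
  const [command] = message.text.trim().split(/\s+/);
  const { openid } = message;

  if (!isChatAllowed(openid, config.allowFrom)) {
    return { status: "denied", command: null, reason: "sender not in allowFrom" };
  }
  if (ADMIN_COMMANDS.has(command)) {
    if (!isExplicitlyAllowed(openid, config.allowFrom)) {
      // Worth logging: an admin command attempted by a wildcard-only sender.
      return { status: "denied", command, reason: "admin command needs explicit allowFrom entry" };
    }
    const handler = handlers[command];
    return { status: "ok", command, result: handler ? handler(message) : null };
  }
  return { status: "ok", command: null, result: "chat" };
}
```

The denied result for an admin command from a wildcard-only sender is the event an operator would want surfaced in logs, since it is exactly the request the vulnerable version silently honoured.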

The fix

Upgrade to openclaw 2026.4.29 or later. As a short-term mitigation on older versions, disable the QQBot streaming feature or ensure no QQBot sender can reach the gateway without an explicit non-wildcard openid entry in allowFrom. Remove wildcard allowFrom entries from QQBot config if untrusted senders might reach the channel.

Reported by Anshuman Bhartiya (@anshumanbh).

References: [1][2]
