CVE-2026-53835

MEDIUM NVD

CVSS Score 4.3

Severity MEDIUM

Published Jun 12, 2026

Vendor unknown

Description

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding feature to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-3wqp-prf6-2m72
https://www.vulncheck.com/advisories/openclaw-config-write-enforcement-bypass-in-feishu-dynamic-agent-bindings