{"uuid": "608deaff-fce9-406e-b0ea-a97720d5733f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53860", "type": "seen", "source": "https://gist.github.com/alon710/9745ea7f614dc3dd47451c872d75fca1", "content": "# CVE-2026-53860: Sender Policy Bypass in OpenClaw BlueBubbles Integration\n\n> **CVSS Score:** 4.2\n> **Published:** 2026-06-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-53860\n\n## Summary\nCVE-2026-53860 details an authorization bypass in the OpenClaw AI gateway's BlueBubbles integration. The vulnerability arises because the sender policy check validates mutable conversation-level metadata rather than verified, stable sender identities. This allows unauthorized group chat participants to manipulate metadata, match allowlist rules, and run unauthorized AI agent actions.\n\n## TL;DR\nA vulnerability in OpenClaw's BlueBubbles integration allows unauthorized participants to bypass sender validation by manipulating conversation metadata. Upgrading to version 2026.5.7 resolves the flaw by enforcing checks on stable sender identities.\n\n## Technical Details\n\n- **CWE ID**: CWE-807 / CWE-863\n- **Attack Vector**: Network\n- **CVSS v3.1**: 4.2 (Medium)\n- **EPSS Score**: 0.00136 (Percentile: 3.38%)\n- **Impact**: Sender Policy Bypass & Unauthorized Command Execution\n- **Exploit Status**: No public PoC or active exploitation\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- OpenClaw < 2026.5.7\n- **openclaw**: < 2026.5.7 (Fixed in: `2026.5.7`)\n\n## Mitigation\n\n- Upgrade to OpenClaw version 2026.5.7 or later\n- Strictly use stable, immutable sender identifiers (phone numbers, iCloud emails) in policies\n- Restrict permissions to alter group chat metadata within BlueBubbles\n- Limit the permissions and tools accessible by the AI agent\n\n**Remediation Steps:**\n1. Verify the current OpenClaw version using the package manager\n2. Update the openclaw package to version 2026.5.7 via npm or your deployment pipeline\n3. Inspect existing configuration files to replace conversation-level allowlist rules with verified sender handles\n4. Restart the OpenClaw gateway service to apply the updated configuration\n\n## References\n\n- [GitHub Security Advisory GHSA-8j37-5w68-wj2g](https://github.com/openclaw/openclaw/security/advisories/GHSA-8j37-5w68-wj2g)\n- [VulnCheck Advisory](https://www.vulncheck.com/advisories/openclaw-sender-policy-bypass-via-mutable-conversation-identifiers-in-bluebubbles)\n- [OpenClaw GitHub Repository](https://github.com/openclaw/openclaw)\n- [NVD CVE-2026-53860](https://nvd.nist.gov/vuln/detail/CVE-2026-53860)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53860) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T08:41:59.000000Z"}