What happened
CVE-2026-53849 (CVSS 8.1 HIGH) published 2026-06-16. The allowFrom feature in OpenClaw uses Discord display names — which any user can change at will — as the identity anchor for policy enforcement, rather than the stable, immutable Discord user ID. This allows any Discord user to gain unauthorised agent access by simply renaming their account to match an allowlisted name.
Why it matters
AI agents operating via Discord channels are increasingly used in enterprise and community automation workflows. A policy bypass here means an attacker can inject arbitrary prompts into the agent pipeline, exfiltrate data the agent has access to, or trigger privileged agent actions — all by performing a trivial account rename with no technical exploit required.
Attack vector
OpenClaw's allowFrom access-control feature validates Discord account identity using mutable display names rather than immutable user IDs. An attacker changes their Discord display name to match a policy entry, causing OpenClaw to grant them agent access intended for the legitimate user.
Affected systems
OpenClaw < 2026.5.7
Mitigation
Upgrade OpenClaw to version 2026.5.7 or later. Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-cw4q-gqg5-g38h