Vulnerability  ·  2026-06-17

OpenClaw Slack Reaction Events Bypass Disabled Notification Setting — Unintended Agent Pipeline Triggering (CVE-2026-53851)

Vulnerability · Medium impact · Global · CVE-2026-53851
CVE-2026-53851 (CVSS 5.3 MEDIUM) published 2026-06-16. OpenClaw before 2026.5.12 contains a notification bypass where Slack reaction events enter the agent pipeline despite the feature being disabled in configuration, allowing attackers to trigger unintended agent processing.
While lower severity, this demonstrates a class of configuration-bypass attacks against AI agent event pipelines where security controls enforced at the configuration layer are not enforced at the event-processing layer — a risk pattern for all event-driven agentic platforms.
An attacker sends Slack reaction events to trigger unintended agent processing even when reaction notifications are configured as disabled, potentially causing unintended agent actions or resource consumption.
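As an added illustration of the pattern described above (not OpenClaw's code; the setting name, event shapes and router functions are constructed), a minimal Slack event router in the bypass shape beside one that enforces the setting at the event-processing layer, plus a regression check a maintainer could keep as a unit test:

```python
# Added illustration, not OpenClaw's code: a minimal Slack event router showing the
# bypass pattern (setting honoured only where notifications are emitted) next to a
# router that enforces the setting at the event-processing layer.
from dataclasses import dataclass, field

REACTION_EVENTS = {"reaction_added", "reaction_removed"}  # Slack Events API types


@dataclass
class Config:
    # Constructed setting name; the advisory does not give OpenClaw's real key.
    reaction_notifications_enabled: bool = False


@dataclass
class AgentPipeline:
    """Stand-in for the agent pipeline: records which event types it processed."""
    processed: list = field(default_factory=list)
    notified: list = field(default_factory=list)

    def handle(self, event: dict) -> None:
        self.processed.append(event["type"])


def route_event_vulnerable(cfg: Config, agent: AgentPipeline, event: dict) -> bool:
    """Bypass pattern: the flag only gates the notification side effect, while the
    dispatcher still forwards every event type to the agent. Returns True when
    the event reached the pipeline."""
    if event["type"] in REACTION_EVENTS and cfg.reaction_notifications_enabled:
        agent.notified.append(event["type"])
    agent.handle(event)  # reaction events enter the pipeline even when disabled
    return True


def route_event_fixed(cfg: Config, agent: AgentPipeline, event: dict) -> bool:
    """Enforce the setting at the event-processing layer: disabled event classes
    are dropped before they can trigger any agent work or notification."""
    if event["type"] in REACTION_EVENTS and not cfg.reaction_notifications_enabled:
        return False  # dropped at the boundary; nothing downstream runs
    if event["type"] in REACTION_EVENTS:
        agent.notified.append(event["type"])
    agent.handle(event)
    return True


def reaction_leaks_when_disabled(router) -> bool:
    """Regression check for this bug class: with reactions disabled, does a
    reaction event still reach the pipeline? Suitable as a unit test."""
    cfg = Config(reaction_notifications_enabled=False)
    agent = AgentPipeline()
    # Constructed sample event shaped like a Slack reaction_added payload.
    router(cfg, agent, {"type": "reaction_added", "reaction": "eyes", "user": "U1"})
    return "reaction_added" in agent.processed
```

The check returns True for the bypass-shaped router and False once the setting is enforced where events are dispatched.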
Affected: OpenClaw < 2026.5.12 (Slack integration)
Upgrade OpenClaw to version 2026.5.12 or later. Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8
Sources
GitHub Security Advisory GHSA-fcvx-5cxc-v5p8
NVD CVE-2026-53851