CVE-2026-53833 — OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restriction — CVE Database · The Intelligence Room