CVE-2026-28448
Published 2026-03-05
Priority P262 · critical 9.4 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:L
EPSS: 0.44% (35.4th percentile)
OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can mention the bot in Twitch chat to bypass access control and invoke the agent pipeline, potentially causing unintended actions or resource exhaustion.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclaw | openclaw | >= 2026.1.29 < 2026.2.1 | 2026.2.1 |
Detection & IOCs (extracted from sources)
- Monitor for bot mention events in Twitch chat that originate from users not present in the plugin's allowFrom allowlist and still reach agent dispatch; in affected versions this happens whenever allowedRoles is unset or empty in the OpenClaw Twitch plugin configuration.
- Flag OpenClaw Twitch plugin deployments where allowedRoles is unset or empty: that configuration is the precondition for the access control bypass.
- The vulnerability only applies when the Twitch plugin is installed and enabled in OpenClaw. Instances without the plugin are not affected.
- In affected versions, allowFrom was only enforced when allowedRoles was non-empty; with allowedRoles unset or empty the access check defaulted to allow and allowFrom was never consulted.
- Affected versions are OpenClaw 2026.1.29 up to (not including) 2026.2.1. Upgrading to 2026.2.1 or later remediates the issue.
CVSS provenance
- NVD, CVSS v3.1: 9.4 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
- NVD, CVSS v4.0: 6.3 MEDIUM, CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Note the spread between sources: the v4.0 score treats the installed-and-enabled plugin as an attack precondition (AT:P) and rates impact Low across the board, while the v3.1 score lands at 9.4 critical; OSV and GHSA rate the advisory HIGH.
OSV
OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline
osv · 2026-02-17 · CVE-2026-28448 · severity HIGH
### Summary
In the optional Twitch channel plugin (`extensions/twitch`), `allowFrom` is documented as a hard allowlist of Twitch user IDs, but it was not enforced as a hard gate. If `allowedRoles` is unset or empty, the access control path defaulted to allow, so any Twitch user who could mention the bot could reach the agent dispatch pipeline.
**Scope note:** This only affects deployments that installed and enabled the Twitch plugin. Core OpenClaw installs that do not install/enable the Twitch plugin are not impacted.
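To make the failure mode concrete, the following is an added TypeScript example, not OpenClaw's code and not taken from the advisory. It models the access gate the summary describes (a role check that defaults to allow when `allowedRoles` is unset or empty, so `allowFrom` is never consulted) next to a hardened version in which `allowFrom` is a hard gate evaluated first, and runs a constructed set of mention events through both. The mentions the vulnerable gate admits but the hardened gate rejects are exactly the "unauthorized mention reached agent dispatch" signal listed under Detection & IOCs above. Only the config keys `allowFrom` and `allowedRoles` come from the advisory; the event shape, role names, user IDs, function names, and the choice to treat an empty `allowFrom` as "no user-ID restriction" are assumptions made for illustration.

```typescript
// Added illustration of the access-control path described in the advisory.
// Not OpenClaw's code: only the config keys allowFrom / allowedRoles come from
// the advisory; the event shape, role names and IDs below are assumed.

interface TwitchAccessConfig {
  allowFrom?: string[];     // documented as a hard allowlist of Twitch user IDs
  allowedRoles?: string[];  // optional role gate (role names assumed here)
}

interface MentionEvent {
  userId: string;   // Twitch user ID of the chatter who mentioned the bot
  roles: string[];  // roles reported for that chatter (assumed shape)
  message: string;
}

// Precondition for the bypass: allowedRoles unset or empty.
function hasBypassPrecondition(cfg: TwitchAccessConfig): boolean {
  return !cfg.allowedRoles || cfg.allowedRoles.length === 0;
}

// Shape of the bug as described for 2026.1.29 <= version < 2026.2.1:
// with no roles configured the check returns true before allowFrom is read.
function vulnerableIsAllowed(cfg: TwitchAccessConfig, ev: MentionEvent): boolean {
  const roles = cfg.allowedRoles ?? [];
  if (roles.length === 0) {
    return true; // BUG: default-allow; allowFrom is never consulted
  }
  const roleOk = ev.roles.some((r) => roles.includes(r));
  const allowFrom = cfg.allowFrom ?? [];
  const fromOk = allowFrom.length === 0 || allowFrom.includes(ev.userId);
  return roleOk && fromOk;
}

// Hardened gate: allowFrom is evaluated first and independently of
// allowedRoles. Treating an unset/empty allowFrom as "no user-ID restriction"
// is an assumption of this example, not something the advisory states.
function fixedIsAllowed(cfg: TwitchAccessConfig, ev: MentionEvent): boolean {
  const allowFrom = cfg.allowFrom ?? [];
  if (allowFrom.length > 0 && !allowFrom.includes(ev.userId)) {
    return false; // hard gate: not on the allowlist, nothing else matters
  }
  const roles = cfg.allowedRoles ?? [];
  if (roles.length > 0 && !ev.roles.some((r) => roles.includes(r))) {
    return false; // role gate only applies when roles are configured
  }
  return true;
}

// Detection helper: mentions the vulnerable gate admits but the hardened gate
// rejects are the unauthorized dispatches a defender wants surfaced.
function findBypassedMentions(cfg: TwitchAccessConfig, events: MentionEvent[]): MentionEvent[] {
  return events.filter((ev) => vulnerableIsAllowed(cfg, ev) && !fixedIsAllowed(cfg, ev));
}

// Constructed sample: one allowlisted user, allowedRoles deliberately unset
// (the bypass precondition). IDs and messages are made up.
const SAMPLE_CONFIG: TwitchAccessConfig = { allowFrom: ["123456"] };

const SAMPLE_EVENTS: MentionEvent[] = [
  { userId: "123456", roles: ["broadcaster"], message: "@bot summarize the last hour" },
  { userId: "999999", roles: [], message: "@bot run the expensive thing 1000 times" },
  { userId: "424242", roles: ["mod"], message: "@bot again" },
];

for (const ev of findBypassedMentions(SAMPLE_CONFIG, SAMPLE_EVENTS)) {
  console.log(`bypass: user ${ev.userId} reached agent dispatch: ${ev.message}`);
}
```

With `allowedRoles` set to a non-empty list the two gates agree on every sample event, which matches the advisory's statement that the default-allow path is only taken when `allowedRoles` is unset or empty; the fix is to make `allowFrom` a gate in its own right rather than a side effect of the role check.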
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `>= 2026.1.29, < 2026.2.1`
### Details
Affected component: Twitch plugin access con
GHSA
OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline
ghsa · 2026-02-17 · CVE-2026-28448 · severity HIGH · CWE-285 (Improper Authorization)
Advisory body identical to the OSV entry above.
No detection rules found.
No public exploits indexed.