CVE-2026-28454
Published 2026-03-05
Priority P265 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.26% (16.7th percentile)
OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated HTTP POST requests to the webhook endpoint that trust attacker-controlled JSON payloads. Remote attackers can forge Telegram updates by spoofing message.from.id and chat.id fields to bypass sender allowlists and execute privileged bot commands.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclaw | openclaw | < 2026.2.2 | 2026.2.2 |
| openclaw | openclaw | >= 0 < 2026.2.1 | 2026.2.1 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated HTTP POST requests to the OpenClaw Telegram webhook endpoint: because no webhook secret is validated, any POST should be treated as suspicious if the application is running a vulnerable version (prior to 2026.2.2).
- Inspect incoming Telegram webhook JSON payloads for spoofed or unexpected `message.from.id` and `chat.id` values that do not match known legitimate Telegram user/chat identifiers; attackers forge these to bypass sender allowlists.
- The vulnerability is only exploitable when Telegram webhook mode is explicitly enabled in OpenClaw; polling mode is not affected. Prioritize patching or disabling webhook mode on instances running versions prior to 2026.2.2.
- The affected package is published under the name `openclaw` (formerly Moltbot or Clawdbot) on npm and Homebrew. Ensure dependency inventories account for all historical package names when scanning for vulnerable versions.
CVSS provenance
- NVD · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD · v4.0 · 8.2 HIGH · CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA
OpenClaw has a potential access-group authorization bypass if channel type lookup fails
GHSA · 2026-02-17
CVE-2026-28454 [CRITICAL] CWE-285 OpenClaw has a potential access-group authorization bypass if channel type lookup fails
## Summary
When Telegram webhook mode is enabled without a configured webhook secret, OpenClaw may accept unauthenticated HTTP POST requests at the Telegram webhook endpoint and trust attacker-controlled update JSON. This can allow forged Telegram updates that spoof `message.from.id` / `chat.id`, potentially bypassing sender allowlists and executing privileged bot commands.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `= 2026.2.1`
## Impact
An attacker who can reach the webhook endpoint can forge Telegram updates and impersonate allowlisted/paired senders by spoofing fields in the webhook payload (for example `message.from.id`). Impact depends on enabled commands/tools a
OSV
OpenClaw has a potential access-group authorization bypass if channel type lookup fails
OSV · 2026-02-17
CVE-2026-28454 [CRITICAL] OpenClaw has a potential access-group authorization bypass if channel type lookup fails
No detection rules found.
No public exploits indexed.
References
- https://github.com/openclaw/openclaw/commit/3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930
- https://github.com/openclaw/openclaw/commit/5643a934799dc523ec2ef18c007e1aa2c386b670
- https://github.com/openclaw/openclaw/commit/633fe8b9c17f02fcc68ecdb5ec212a5ace932f09
- https://github.com/openclaw/openclaw/commit/ca92597e1f9593236ad86810b66633144b69314d
- https://github.com/openclaw/openclaw/security/advisories/GHSA-fhvm-j76f-qmjv
- https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-unauthenticated-telegram-webhook