What is the CVSS score of CVE-2026-28454?

CVE-2026-28454 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Openclaw are affected by CVE-2026-28454?

Openclaw versions through 2026.2.2 contain a data authenticity vulnerability (CVSS 7.5) that could allow attackers to manipulate or forge data within the application, potentially compromising data…. A patch is available.

Openclaw CVE-2026-28454

HIGH

Insufficient Verification of Data Authenticity (CWE-345)

2026-03-05 disclosure@vulncheck.com

GHSA-fhvm-j76f-qmjv

Authentication Bypass Openclaw

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

Patch released

Mar 09, 2026 - 18:03 nvd

Patch available

CVE Published

Mar 05, 2026 - 22:16 nvd

HIGH 7.5

DescriptionNVD

OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated HTTP POST requests to the webhook endpoint that trust attacker-controlled JSON payloads. Remote attackers can forge Telegram updates by spoofing message.from.id and chat.id fields to bypass sender allowlists and execute privileged bot commands.

AnalysisAI

Openclaw versions up to 2026.2.2 is affected by insufficient verification of data authenticity (CVSS 7.5).

RemediationAI

Within 24 hours: Inventory all Openclaw instances and confirm affected versions (up to 2026.2.2). Within 7 days: Test and deploy available patch to non-production environments; establish deployment schedule for production systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-28454 vulnerability details – vuln.today

Back

Openclaw CVE-2026-28454

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code