Skip to main content

OpenClaw Nextcloud Talk CVE-2026-28474

CRITICAL
Incorrect Authorization (CWE-863)
2026-03-05 disclosure@vulncheck.com GHSA-r5h9-vjqc-hq3r
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Source Code Evidence Fetched
May 06, 2026 - 14:58 vuln.today
Analysis Updated
May 06, 2026 - 14:58 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 06, 2026 - 14:52 vuln.today
cvss_changed
CVSS changed
May 06, 2026 - 14:52 NVD
9.8 (CRITICAL) 9.3 (CRITICAL)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 05, 2026 - 22:16 nvd
CRITICAL 9.8

DescriptionCVE.org

OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations.

AnalysisAI

Authentication bypass in OpenClaw's Nextcloud Talk plugin versions ≤2026.2.2 allows remote unauthenticated attackers to bypass DM and room allowlists by spoofing display names. Attackers can change their Nextcloud display name to match an allowlisted user ID, gaining unauthorized access to restricted conversations without authentication. EPSS score is low (0.05%, 16th percentile), indicating low observed exploitation probability. No active exploitation confirmed; vulnerability was responsibly disclosed by AISLE Research Team and patched in version 2026.2.6.

Technical ContextAI

The vulnerability stems from improper authorization (CWE-863) in the @openclaw/nextcloud-talk npm package. Nextcloud Talk webhooks provide two actor identifiers: actor.id (stable, immutable user ID) and actor.name (mutable display name controlled by the user). The flawed implementation performed allowlist validation using string equality matching against both fields. Because actor.name is user-controlled and can be changed at will through Nextcloud's profile settings, attackers could set their display name to match any allowlisted user ID string. The policy.ts module's resolveNextcloudTalkAllowlistMatch function treated display names as trusted identifiers equivalent to actual user IDs. The fix removes all senderName parameters from allowlist validation logic, ensuring only the immutable actor.id field is checked. This is a classic confused deputy problem where the system trusted attacker-controllable input (display name) as if it were a verified identity claim (user ID).

RemediationAI

Upgrade the @openclaw/nextcloud-talk package to version 2026.2.6 or later via npm (npm install @openclaw/nextcloud-talk@latest). The patch commit 6b4b6049b47c3329a7014509594647826669892d removes display name matching from allowlist validation logic, ensuring only immutable actor.id fields are checked. Organizations unable to upgrade immediately should remove allowlist-based access controls and temporarily switch to open access or alternative authentication mechanisms until patching is complete, accepting the trade-off of reduced granular access control. Do not attempt to block specific display names as a workaround-the vulnerability is architectural and cannot be mitigated through configuration. Review conversation access logs for the period between January 20, 2026 (vulnerability introduction) and patch deployment to identify potential unauthorized access; look for actor.name values matching allowlisted user IDs where actor.id differs. Vendor advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-r5h9-vjqc-hq3r. VulnCheck advisory: https://www.vulncheck.com/advisories/openclaw-nextcloud-talk-allowlist-bypass-via-actorname-display-name-spoofing.

CVE-2023-26482 HIGH POC
8.8 Mar 30

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2020-8180 CRITICAL POC
9.9 Jun 08

A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk co

CVE-2023-48306 CRITICAL POC
9.8 Nov 21

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8),

CVE-2016-9463 HIGH POC
8.1 Mar 28

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authenti

CVE-2023-31128 HIGH POC
8.8 May 26

NextCloud Cookbook is a recipe library app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

CVE-2023-28643 HIGH POC
8.8 Mar 30

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2021-22879 HIGH POC
8.8 Apr 14

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowi

CVE-2019-12739 HIGH POC
8.8 Jun 05

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution vi

CVE-2020-8259 HIGH POC
8.1 Nov 16

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the

CVE-2020-8121 HIGH POC
8.1 Feb 04

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. Rated high

CVE-2020-8182 HIGH POC
8.0 Oct 05

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permiss

CVE-2020-8224 HIGH POC
7.8 Aug 10

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL confi

Share

CVE-2026-28474 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy