OpenClaw Nextcloud Talk CVE-2026-28474
CRITICALSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations.
AnalysisAI
Authentication bypass in OpenClaw's Nextcloud Talk plugin versions ≤2026.2.2 allows remote unauthenticated attackers to bypass DM and room allowlists by spoofing display names. Attackers can change their Nextcloud display name to match an allowlisted user ID, gaining unauthorized access to restricted conversations without authentication. EPSS score is low (0.05%, 16th percentile), indicating low observed exploitation probability. No active exploitation confirmed; vulnerability was responsibly disclosed by AISLE Research Team and patched in version 2026.2.6.
Technical ContextAI
The vulnerability stems from improper authorization (CWE-863) in the @openclaw/nextcloud-talk npm package. Nextcloud Talk webhooks provide two actor identifiers: actor.id (stable, immutable user ID) and actor.name (mutable display name controlled by the user). The flawed implementation performed allowlist validation using string equality matching against both fields. Because actor.name is user-controlled and can be changed at will through Nextcloud's profile settings, attackers could set their display name to match any allowlisted user ID string. The policy.ts module's resolveNextcloudTalkAllowlistMatch function treated display names as trusted identifiers equivalent to actual user IDs. The fix removes all senderName parameters from allowlist validation logic, ensuring only the immutable actor.id field is checked. This is a classic confused deputy problem where the system trusted attacker-controllable input (display name) as if it were a verified identity claim (user ID).
RemediationAI
Upgrade the @openclaw/nextcloud-talk package to version 2026.2.6 or later via npm (npm install @openclaw/nextcloud-talk@latest). The patch commit 6b4b6049b47c3329a7014509594647826669892d removes display name matching from allowlist validation logic, ensuring only immutable actor.id fields are checked. Organizations unable to upgrade immediately should remove allowlist-based access controls and temporarily switch to open access or alternative authentication mechanisms until patching is complete, accepting the trade-off of reduced granular access control. Do not attempt to block specific display names as a workaround-the vulnerability is architectural and cannot be mitigated through configuration. Review conversation access logs for the period between January 20, 2026 (vulnerability introduction) and patch deployment to identify potential unauthorized access; look for actor.name values matching allowlisted user IDs where actor.id differs. Vendor advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-r5h9-vjqc-hq3r. VulnCheck advisory: https://www.vulncheck.com/advisories/openclaw-nextcloud-talk-allowlist-bypass-via-actorname-display-name-spoofing.
Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remo
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk co
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8),
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authenti
NextCloud Cookbook is a recipe library app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,
Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remo
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowi
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution vi
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. Rated high
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permiss
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL confi
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-r5h9-vjqc-hq3r