Which versions of OpenClaw Nextcloud Talk are affected by CVE-2026-28474?

OpenClaw's Nextcloud Talk plugin versions 2026.2.2 and earlier contain a critical authentication bypass that allows unauthenticated attackers to impersonate allowlisted users and access restricted…. A patch is available.

OpenClaw Nextcloud Talk CVE-2026-28474

Q: What is the CVSS score of CVE-2026-28474?

CVE-2026-28474 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

CRITICAL

Incorrect Authorization (CWE-863)

2026-03-05 disclosure@vulncheck.com

GHSA-r5h9-vjqc-hq3r

Authentication Bypass Nextcloud

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 06, 2026 - 14:58 vuln.today

Analysis Updated

May 06, 2026 - 14:58 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 06, 2026 - 14:52 vuln.today

cvss_changed

CVSS changed

May 06, 2026 - 14:52 NVD

9.8 (CRITICAL) 9.3 (CRITICAL)

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 05, 2026 - 22:16 nvd

CRITICAL 9.8

DescriptionNVD

OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations.

AnalysisAI

Authentication bypass in OpenClaw's Nextcloud Talk plugin versions ≤2026.2.2 allows remote unauthenticated attackers to bypass DM and room allowlists by spoofing display names. Attackers can change their Nextcloud display name to match an allowlisted user ID, gaining unauthorized access to restricted conversations without authentication. …

RemediationAI

Within 24 hours: Identify all Nextcloud instances running OpenClaw Talk plugin version 2026.2.2 or earlier and assess current user access logs for suspicious display name changes. Within 7 days: Apply vendor patch to upgrade all affected instances to version 2026.2.6 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-28474 vulnerability details – vuln.today

Back

OpenClaw Nextcloud Talk CVE-2026-28474

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

OpenClaw Nextcloud Talk CVE-2026-28474

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code