Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue signal reaction status lines for sessions without proper DM or group access validation.
AnalysisAI
OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in the signal reaction notification handling mechanism that allows unauthenticated attackers to enqueue status events before authorization checks are performed. Attackers can exploit the reaction-only event path in event-handler.ts to inject signal reaction status lines into sessions without validating proper DM or group access permissions, resulting in integrity compromise. The vulnerability has a CVSS score of 3.7 (low-to-moderate severity) with an attack vector of network, high complexity, and no privileges required, though no active exploitation or public proof-of-concept has been confirmed in known exploit databases.
Technical ContextAI
The vulnerability resides in OpenClaw's event handling architecture, specifically in the event-handler.ts component that processes signal reaction notifications. The root cause is classified under CWE-863 (Incorrect Authorization), where access control checks are performed after event enqueueing rather than before. The affected product is identified via CPE as cpe:2.3:a:openclaw:openclaw (all versions prior to 2026.2.25). The flaw exploits the reaction-only event processing path, which bypasses standard DM (direct message) and group access validation mechanisms. This represents a classic broken access control pattern where the order of security operations—specifically post-enqueue validation instead of pre-enqueue validation—creates an authorization bypass window.
RemediationAI
Upgrade OpenClaw to version 2026.2.25 or later immediately, referencing the vendor patch commit 2aa7842adeedef423be7ce283a9144b9f1a0a669 available at https://github.com/openclaw/openclaw/commit/2aa7842adeedef423be7ce283a9144b9f1a0a669. Organizations unable to patch immediately should implement network-level access controls to restrict signal reaction event submission to trusted internal sources, disable or restrict direct message and group reaction features until patching is possible, and monitor event handler logs for suspicious reaction event enqueueing patterns that precede authorization failures. Review recent access logs for any evidence of unauthorized reaction status events being queued to sessions without proper group or DM permissions.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13947