Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 3 npm packages depend on openclaw (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.3.28.
DescriptionCVE.org
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.
AnalysisAI
Unauthenticated attackers can force OpenClaw versions before 2026.3.28 to download and store arbitrary media files through Zalo messaging channels, bypassing sender authorization checks. The flaw allows remote exploitation without authentication (CVSS 9.8 critical) to consume network bandwidth and storage resources. No public exploit identified at time of analysis, though the attack vector is straightforward given the lack of pre-validation authorization checks. Vendor-released patch available via commit 68ceaf7a5.
Technical ContextAI
OpenClaw is a messaging platform integration framework that handles media from multiple channels including Zalo, a Vietnamese messaging service. The vulnerability stems from CWE-863 (Incorrect Authorization), where the application violates secure design principles by performing expensive operations-network fetches and disk I/O-before validating sender permissions. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates this is a network-accessible flaw with low attack complexity requiring no privileges or user interaction. The architecture flaw allows message processing to reach resource-intensive stages (HTTP download, filesystem write) before authorization gates are applied, creating an exploitable window for abuse. This represents a time-of-check-time-of-use variant where the expensive operation precedes the security check rather than following it.
RemediationAI
Upgrade to OpenClaw version 2026.3.28 or later, which implements proper authorization checks before media download and storage operations. The vendor-released patch is available via GitHub commit 68ceaf7a5f64a23e78b95eff055e4b497218312a at https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312a. Organizations unable to immediately upgrade should consider temporary mitigation by disabling Zalo channel integration or implementing network-level controls to restrict inbound Zalo message processing to authorized senders only, though this may require custom firewall rules or API gateway filtering. Review stored media directories for unexpected files written during the vulnerable period, as unauthorized senders may have already exploited the flaw to consume storage. Consult the official security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358j and the VulnCheck analysis at https://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel for additional vendor guidance.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17431
GHSA-v2v2-f783-358j