Which versions of OpenClaw are affected by CVE-2026-8305?

OpenClaw versions prior to 2026.2.12 contain an authentication bypass vulnerability in the BlueBubbles webhook handler that allows unauthenticated remote attackers to execute arbitrary webhook…. A patch is available.

Is there a public PoC exploit available for CVE-2026-8305?

Yes, a public proof-of-concept exploit is available for CVE-2026-8305. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2026-8305?

Within 24 hours: audit all OpenClaw instances to identify current versions and webhook integrations in use. Within 7 days: upgrade all OpenClaw deployments to version 2026.2.12 or later, prioritizing production environments with BlueBubbles integration. Within 30 days: review webhook logs for suspicious requests originating from localhost or spoofed IP ranges, and implement network-level controls restricting webhook endpoint access to trusted sources only.

OpenClaw CVE-2026-8305

Q: What is the CVSS score of CVE-2026-8305?

CVE-2026-8305 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2026-29158 MEDIUM

Improper Authentication (CWE-287)

2026-05-11 VulDB

GHSA-7g7j-xm76-28w4

Authentication Bypass

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 11, 2026 - 18:22 NVD

HIGH MEDIUM

CVSS changed

May 11, 2026 - 18:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Source Code Evidence Fetched

May 11, 2026 - 17:45 vuln.today

Analysis Generated

May 11, 2026 - 17:45 vuln.today

CVE Published

May 11, 2026 - 16:30 nvd

HIGH 7.3

DescriptionNVD

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.

AnalysisAI

Authentication bypass in OpenClaw's BlueBubbles webhook handler allows remote attackers to send crafted webhook requests without credentials. The handleBlueBubblesWebhookRequest function in extensions/bluebubbles/src/monitor.ts incorrectly exempts localhost requests from authentication, enabling IP spoofing attacks to bypass security controls. …

RemediationAI

Within 24 hours: audit all OpenClaw instances to identify current versions and webhook integrations in use. Within 7 days: upgrade all OpenClaw deployments to version 2026.2.12 or later, prioritizing production environments with BlueBubbles integration. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8305 vulnerability details – vuln.today

Back

OpenClaw CVE-2026-8305

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

OpenClaw CVE-2026-8305

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code