Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 5 npm packages depend on openclaw (5 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.3.22.
DescriptionCVE.org
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execute unauthorized actions through the Google Chat integration.
AnalysisAI
OpenClaw before version 2026.3.22 contains an improper authentication verification flaw in its Google Chat webhook handling that allows authenticated attackers with low privileges to bypass webhook authentication by supplying non-deployment add-on principals, enabling unauthorized actions through the Google Chat integration with a CVSS score of 6.0 and confirmed vendor patch availability.
Technical ContextAI
The vulnerability exists in OpenClaw's Google Chat app-url webhook integration, which fails to properly validate that webhook requests originate from add-on principals within intended deployment bindings. The root cause, classified as CWE-290 (Authentication Using a Wrong Actor), stems from insufficient verification of the principal identity before accepting webhook requests. Attackers who have already obtained low-level authenticated access (PR:L per CVSS vector) can exploit this by crafting requests with non-deployment add-on principals that should have been rejected, thereby circumventing the intended security boundary between different deployment contexts within Google Chat's add-on framework.
RemediationAI
Upgrade OpenClaw to version 2026.3.22 or later, which contains the authentication verification fixes. Vendor patches have been committed to the OpenClaw repository as referenced in commit 630f1479c44f78484dfa21bb407cbe6f171dac87 and a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66. Until patching is feasible, restrict Google Chat webhook access to high-privileged accounts only and monitor webhook request logs for suspicious add-on principal usage. Review the security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-mp66-rf4f-mhh8 for additional context and https://www.vulncheck.com/advisories/openclaw-improper-authentication-verification-in-google-chat-webhook for technical details.
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21104
GHSA-hgwr-wr8h-rxm7