Skip to main content

OpenClaw EUVDEUVD-2026-28184

| CVE-2026-44109 CRITICAL
Initialization of a Resource with an Insecure Default (CWE-1188)
2026-05-06 disclosure@vulncheck.com GHSA-xh72-v6v9-mwhc
9.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 06, 2026 - 21:03 EUVD
Source Code Evidence Fetched
May 06, 2026 - 20:35 vuln.today
Analysis Generated
May 06, 2026 - 20:35 vuln.today
CVE Published
May 06, 2026 - 20:16 nvd
CRITICAL 9.2

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 6 npm packages depend on openclaw (6 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.4.15.

DescriptionCVE.org

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands.

AnalysisAI

OpenClaw's Feishu webhook integration fails open when encryptKey is missing or callback tokens are blank, allowing remote unauthenticated attackers to bypass signature verification and replay protection mechanisms. Attackers can submit crafted webhook requests or malformed card-action callbacks directly to command dispatch without authentication, enabling arbitrary command execution. Vendor-confirmed authentication bypass; patch released in version 2026.4.15. No public exploit code or CISA KEV listing identified at time of analysis, but the fail-open behavior and network attack vector (CVSS AV:N/AC:L/PR:N) make this highly exploitable against misconfigured deployments.

Technical ContextAI

OpenClaw integrates with Feishu (Lark/飞书) messaging platform via webhook transport and interactive card actions. The vulnerability affects two authentication mechanisms: (1) webhook signature verification using HMAC with an encryptKey, and (2) card-action callback token validation for replay protection. The root cause is CWE-1188 (Initialization of a Resource with an Insecure Default Value) - the codebase treated missing encryptKey as valid and blank callback tokens as usable, causing authentication checks to return true instead of false when security-critical configuration was absent. The fail-open logic in monitor.transport.ts allowed unsigned webhook requests to proceed when encryptKey was not configured, and card-action.ts dispatched commands even when callback tokens were empty strings. This violated secure-by-default principles and created an unauthenticated network path into OpenClaw's command execution layer, bypassing the intended Feishu identity verification.

RemediationAI

Upgrade to OpenClaw 2026.4.15 or later immediately. The fix is delivered via commit c8003f1b33ed2924be5f62131bd28742c5a41aae (PR #66707), which hardens webhook transport and card-action validation to fail closed: webhook mode now refuses to start without an encryptKey, missing signing configuration returns invalid instead of valid, and blank card-action callback tokens are rejected before dispatch reaches command handlers. Install via npm: npm install openclaw@2026.4.15 or update package.json dependency. If immediate upgrade is not possible, implement these compensating controls with noted trade-offs: (1) Disable Feishu webhook mode entirely until patched - breaks Feishu integration but eliminates attack surface; (2) Verify encryptKey is configured and non-empty in Feishu account configuration before starting webhook transport - requires code audit and restart, may reveal misconfigurations; (3) Implement reverse proxy layer (nginx/Envoy) that validates Feishu webhook signatures before forwarding to OpenClaw - adds operational complexity and latency, requires duplicate signature logic. Note that the vendor describes this as 'defense-in-depth over the already-closed monitor-account layer,' suggesting upstream authentication may provide partial mitigation, but do not rely on undocumented protections. Vendor advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc. Fix commit: https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-28184 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy