Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.
AnalysisAI
Authentication bypass in OpenClaw's BlueBubbles webhook handler allows remote attackers to send crafted webhook requests without credentials. The handleBlueBubblesWebhookRequest function in extensions/bluebubbles/src/monitor.ts incorrectly exempts localhost requests from authentication, enabling IP spoofing attacks to bypass security controls. Exploit code is publicly available on GitHub. Patch released in version 2026.2.12 (commit a6653be). CVSS 7.3 reflects network-accessible unauthenticated attack with low complexity affecting confidentiality, integrity, and availability.
Technical ContextAI
This vulnerability (CWE-287: Improper Authentication) affects OpenClaw's BlueBubbles integration, which monitors iMessage activity via webhooks. The flaw exists in the webhook request handler that processes incoming HTTP POST requests at the /bluebubbles-webhook endpoint. The vulnerable code incorrectly trusted requests appearing to originate from loopback addresses (127.0.0.1, ::1, ::ffff:127.0.0.1) by exempting them from authentication checks. Because HTTP request metadata like socket.remoteAddress can be spoofed or manipulated in various deployment scenarios (reverse proxies, load balancers, Docker networking), attackers could craft requests that bypass the authentication logic entirely. The patch removes the loopback exemption and enforces authentication via query parameters (guid/password) or HTTP headers (x-guid, x-password, x-bluebubbles-guid, authorization) for all webhook requests regardless of apparent source IP.
RemediationAI
Upgrade to OpenClaw version 2026.2.12 or later, available at https://github.com/openclaw/openclaw/releases/tag/v2026.2.12. The fix is implemented in commit a6653be0265f1f02b9de46c06f52ea7c81a836e6 (https://github.com/openclaw/openclaw/commit/a6653be0265f1f02b9de46c06f52ea7c81a836e6) and pull request #13787 (https://github.com/openclaw/openclaw/pull/13787). If immediate patching is not feasible, implement network-level access controls to restrict the /bluebubbles-webhook endpoint to trusted source IPs only via firewall rules or reverse proxy ACLs - note this introduces operational complexity for legitimate webhook sources and may break integrations if BlueBubbles server IPs change. Another compensating control is disabling the BlueBubbles extension entirely until patching is complete, though this eliminates iMessage monitoring functionality. Do not rely on IP-based trust for authentication enforcement.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29158
GHSA-7g7j-xm76-28w4