OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate allowed identities by using attacker-controlled display names or matching localparts from different homeservers to reach the routing and agent pipeline.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
Present
Нужны дополнительные условия
Privileges Required
None
Права не нужны
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
Low
Частичная утечка данных
Integrity
None
Нет модификации данных
Availability
None
Нет нарушения работы
CVSS Vector v4.0
Weakness Type (CWE)
References 3
https://github.com/openclaw/openclaw/commit/8f3bfbd1c4fb967a2ddb5b4b9a057849208…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-rmxw-jxxx-4cpc
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-displayname-…
disclosure@vulncheck.com