Description
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates (for example spoofing message.from.id). If an attacker can reach the webhook endpoint, they may be able to send forged updates that are processed as if they came from Telegram. Depending on enabled commands/tools and configuration, this could lead to unintended bot actions. Note: Telegram webhook mode is not enabled by default. It is enabled only when `channels.telegram.webhookUrl` is configured. This issue has been fixed in version 2026.2.1.
Published: 2026-02-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Command Execution
Action: Apply Patch
AI Analysis

Impact

OpenClaw accepted HTTP requests to the Telegram webhook endpoint without validating the Telegram secret token header when the channels.telegram.webhookSecret configuration was omitted. This missing validation allows an attacker to forge Telegram update messages, such as spoofing the message.from.id field, and have them processed as if they originated from a legitimate Telegram user. Depending on which bot commands or tools are enabled, the forged updates could trigger unintended actions, including sending messages, executing commands, or performing other operations controlled by the AI assistant.

Affected Systems

Versions of OpenClaw up to 2026.1.30 are affected. The flaw manifests only when Telegram webhook mode is enabled, which occurs when the channels.telegram.webhookUrl setting is present. All deployments that expose the webhook URL to potential attackers are at risk until the issue is corrected by upgrading to v2026.2.1 or later.

Risk and Exploitability

The severity is reflected in a CVSS score of 7.5, while the EPSS score of < 1% indicates a currently low probability of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely if the webhook endpoint is reachable from the Internet, sending forged HTTP requests that bypass authentication. The flaw is an instance of insufficient verification of data authenticity, classified as CWE-345.

Generated by OpenCVE AI on April 18, 2026 at 11:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.2.1 or later, which implements proper Telegram secret token verification.
  • If an immediate upgrade is not feasible, configure a non-empty channels.telegram.webhookSecret value in the OpenClaw configuration to enforce validation of incoming webhook requests.
  • Restrict external exposure of the webhook endpoint by applying firewall rules or using a reverse proxy that limits access to the Telegram IP ranges, or by removing the channels.telegram.webhookUrl setting when the feature is not required.

Generated by OpenCVE AI on April 18, 2026 at 11:51 UTC.

Advisories
Source: GitHub GHSA
ID: GHSA-mp5h-m6qj-6292
Title: OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
History

Thu, 19 Feb 2026 20:15:00 +0000

Added CPE: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Thu, 19 Feb 2026 18:15:00 +0000

Added metric ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Feb 2026 10:30:00 +0000

Added (first time appeared): Openclaw; Openclaw openclaw
Added (vendors & products): Openclaw; Openclaw openclaw

Thu, 19 Feb 2026 03:30:00 +0000

Added description: identical to the Description at the top of this page
Added title: OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
Added weaknesses: CWE-345
Added references: (no values shown)
Added metric cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-02-19T17:44:17.297Z
Reserved: 2026-02-02T16:31:35.820Z
Link: CVE-2026-25474

Vulnrichment
Updated: 2026-02-19T17:23:27.796Z

NVD
Status: Analyzed
Published: 2026-02-19T07:17:45.847
Modified: 2026-02-19T20:13:13.640
Link: CVE-2026-25474

Redhat
No data.

OpenCVE Enrichment
Updated: 2026-04-18T12:00:05Z

Weaknesses