Description
OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when the configured webhook secret was missing or incorrect. This does not affect the default iMessage integration unless BlueBubbles is installed and enabled. Version 2026.2.13 contains a patch. Other mitigations include setting a non-empty BlueBubbles webhook password and avoiding deployments where a public-facing reverse proxy forwards to a loopback-bound Gateway without strong upstream authentication.
Published: 2026-02-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

OpenClaw’s optional BlueBubbles iMessage channel plugin treated webhook requests arriving from the local loopback interface (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) as authenticated even when no webhook secret was configured or the supplied secret was wrong, so the secret check could be skipped entirely. Anyone who can reach the loopback-bound Gateway, whether a local process or a remote client whose traffic arrives through a reverse proxy on the same host, could therefore submit forged webhook requests that the plugin processed as if they came from the real BlueBubbles server. The CVSS vector (C:N/I:H/A:N) scores this as a high integrity impact with no confidentiality or availability impact. The weakness is classified as CWE‑863 (Incorrect Authorization).

Affected Systems

Any OpenClaw installation running a version older than 2026.2.13 with the BlueBubbles plugin installed and enabled is affected. The default iMessage integration is not impacted unless the BlueBubbles plugin is explicitly installed and enabled. The affected products are tracked as openclaw:openclaw and the @openclaw/bluebubbles package.

Risk and Exploitability

The CVSS score of 7.5 rates the vulnerability as high severity; the vector (AV:N/AC:L/PR:N/UI:N) models the proxied deployment, where an unauthenticated remote client can trigger the bypass with no user interaction. The EPSS score of under 1% indicates a currently low estimated probability of exploitation in the wild, not that the flaw is hard to exploit. Because the bypass keys on the TCP peer address, two populations can trigger it: any process on the host that can connect to the loopback port, and any remote client whose requests reach the loopback‑bound Gateway through a public‑facing reverse proxy that does not enforce its own authentication, since the Gateway then sees `127.0.0.1` for every proxied client. The vulnerability is not listed in CISA’s KEV catalog, so no confirmed in‑the‑wild exploitation has been recorded there to date; absence from KEV does not mean exploitation is infeasible.

Generated by OpenCVE AI on April 18, 2026 at 11:42 UTC.

Remediation

Vendor fix: version 2026.2.13 contains a patch. Vendor-listed mitigations for unpatched deployments: set a non-empty BlueBubbles webhook password, and do not expose a loopback-bound Gateway through a public-facing reverse proxy without strong upstream authentication.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.13 or later to apply the official patch.
  • Configure a non‑empty webhook password for the BlueBubbles plugin; the advisory lists this as a mitigation, and without a configured secret there is nothing for the patched check to verify.
  • Avoid deployments where a public reverse proxy forwards external requests to a loopback‑bound OpenClaw gateway without robust upstream authentication, or enforce such authentication in the proxy configuration.

Generated by OpenCVE AI on April 18, 2026 at 11:42 UTC.


Advisories
Source: GitHub GHSA
ID: GHSA-pchc-86f6-8758
Title: OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust
History

Tue, 24 Feb 2026 20:00:00 +0000

CPEs added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Fri, 20 Feb 2026 19:15:00 +0000

Metrics added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 10:15:00 +0000

First time appeared: Openclaw; Openclaw @openclaw/bluebubbles; Openclaw openclaw
Vendors & Products added: Openclaw; Openclaw @openclaw/bluebubbles; Openclaw openclaw

Thu, 19 Feb 2026 21:45:00 +0000

Description added: (the description shown at the top of this page)
Title added: OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust
Weaknesses added: CWE-863
References: (none listed)
Metrics added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-20T15:41:50.888Z

Reserved: 2026-02-13T16:27:51.807Z

Link: CVE-2026-26316

Vulnrichment

Updated: 2026-02-20T15:32:10.864Z

NVD

Status : Analyzed

Published: 2026-02-19T22:16:47.110

Modified: 2026-02-24T19:59:36.100

Link: CVE-2026-26316

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T11:45:44Z

Weaknesses