Description
OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can mention the bot in Twitch chat to bypass access control and invoke the agent pipeline, potentially causing unintended actions or resource exhaustion.
Published: 2026-03-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass in Remote Twitch Plugin
Action: Patch
AI Analysis

Impact

In OpenClaw 2026.1.29 and earlier, the Twitch plugin fails to enforce the allowFrom allowlist when the allowedRoles configuration is missing or empty. Because of this oversight, any Twitch user who can mention the bot in chat can trigger the agent dispatch pipeline. The resulting unauthorized invocation may execute unintended actions or place excessive load on system resources, and it requires no privileged credentials. The weakness is classified as CWE-285 (Improper Authorization), an authorization bypass.

Affected Systems

Systems running OpenClaw with the Twitch plugin enabled, specifically versions prior to 2026.2.1. The vulnerability is present only when the plugin is installed and active and no allowedRoles setting is defined, which exposes the agent to unauthorized Twitch accounts.

Risk and Exploitability

The advisory lists a CVSS score of 6.3, indicating Medium severity. EPSS puts the exploitation probability below 1%, and the vulnerability is not listed in the CISA KEV catalog. The flaw is reachable remotely by simply mentioning the bot in Twitch chat; no additional privileges or network access are required. The low exploitation probability suggests that the vulnerability is not widely weaponized, but it remains actionable for any adversary with a Twitch account.

Generated by OpenCVE AI on April 16, 2026 at 12:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.1 or later to receive the fix for the allowFrom enforcement bug
  • If an upgrade is not immediately possible, disable the Twitch plugin or remove it from the deployment to eliminate the attack surface
  • For environments that must retain the plugin, configure the allowedRoles setting and populate the allowFrom allowlist to restrict which Twitch users can invoke the agent dispatch
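To make the failure mode concrete, the following is a simplified, hypothetical reconstruction added here (not OpenClaw's own code) of an access check that returns early on an empty allowedRoles and so never consults allowFrom, beside a corrected check that enforces each configured restriction on its own. The config keys allowFrom and allowedRoles come from the advisory; the function names, the message shape and the fail-closed rule for a completely unconfigured plugin are assumptions of this example.

```javascript
// Constructed example: function names and message shape are assumptions,
// not OpenClaw's API. Config keys allowFrom / allowedRoles are from the advisory.

// Flawed check: an empty allowedRoles is mistaken for "no restriction at all",
// so the allowFrom allowlist is never evaluated and every Twitch user who
// mentions the bot passes.
function isAuthorizedFlawed(cfg, msg) {
  const roles = cfg.allowedRoles ?? [];
  if (roles.length === 0) {
    return true; // early return skips the allowFrom check below
  }
  const allowFrom = cfg.allowFrom ?? [];
  const inAllowlist = allowFrom.length === 0 || allowFrom.includes(msg.userId);
  const hasRole = msg.roles.some((r) => roles.includes(r));
  return inAllowlist && hasRole;
}

// Corrected check: allowFrom and allowedRoles are enforced independently;
// an empty allowedRoles only means "no role requirement". If neither list is
// configured this example fails closed (a design choice, not from the advisory).
function isAuthorizedFixed(cfg, msg) {
  const allowFrom = cfg.allowFrom ?? [];
  const roles = cfg.allowedRoles ?? [];
  if (allowFrom.length === 0 && roles.length === 0) {
    return false; // nothing configured: deny by default
  }
  if (allowFrom.length > 0 && !allowFrom.includes(msg.userId)) {
    return false; // sender is not on the allowlist
  }
  if (roles.length > 0 && !msg.roles.some((r) => roles.includes(r))) {
    return false; // sender lacks a required role
  }
  return true;
}

// Constructed inputs: a deployment that lists one trusted user but sets no roles.
const cfg = { allowFrom: ['trusted_user'], allowedRoles: [] };
const fromStranger = { userId: 'random_viewer', roles: [], text: '@bot run it' };
const fromTrusted = { userId: 'trusted_user', roles: ['moderator'], text: '@bot status' };

function demo() {
  return {
    flawedStranger: isAuthorizedFlawed(cfg, fromStranger), // true: allowlist bypassed
    fixedStranger: isAuthorizedFixed(cfg, fromStranger),   // false: blocked
    flawedTrusted: isAuthorizedFlawed(cfg, fromTrusted),   // true
    fixedTrusted: isAuthorizedFixed(cfg, fromTrusted),     // true
  };
}
```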

Generated by OpenCVE AI on April 16, 2026 at 12:05 UTC.

Tracking


Advisories
Source: Github GHSA
ID: GHSA-33rq-m5x2-fvgf
Title: OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline
History

Tue, 10 Mar 2026 15:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 16:45:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}
Values Added: cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Thu, 05 Mar 2026 22:45:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Values Added: cvssV3_1 {'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Thu, 05 Mar 2026 22:15:00 +0000

Type: Description
Values Added: OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can mention the bot in Twitch chat to bypass access control and invoke the agent pipeline, potentially causing unintended actions or resource exhaustion.

Type: Title
Values Added: OpenClaw 2026.1.29 < 2026.2.1 - Authorization Bypass in Twitch Plugin allowFrom Access Control

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Added: CWE-285

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Type: References
Values Added: (none listed)

Type: Metrics
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-10T14:28:56.176Z

Reserved: 2026-02-27T19:16:43.063Z

Link: CVE-2026-28448

Vulnrichment

Updated: 2026-03-10T14:28:52.817Z

NVD

Status : Analyzed

Published: 2026-03-05T22:16:16.803

Modified: 2026-03-11T16:02:04.510

Link: CVE-2026-28448

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:15:35Z

Weaknesses