Description
OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate allowed identities by using attacker-controlled display names or matching localparts from different homeservers to reach the routing and agent pipeline.
Published: 2026-03-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass (Impersonation)
Action: Patch
AI Analysis

Impact

OpenClaw versions before 2026.2.2 with the Matrix plugin enabled contain a flaw that allows the DM allowlist to be bypassed. An attacker can produce a sender display name or localpart that matches an entry on the allowance list without the homeserver being validated. This bypass enables remote Matrix users to impersonate identities that should be trusted, potentially allowing the delivery of messages through the routing and agent pipeline under false credentials.

Affected Systems

The vulnerability affects installations of OpenClaw OpenClaw version 2026.1.14-1 up to, but not including, 2026.2.2 when the Matrix plugin is installed and enabled. Users of later versions are not affected.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate severity, while the EPSS score of less than 1% reflects a low likelihood of exploitation observed so far. The vulnerability is not listed in the CISA KEV catalog. The main attack vector is remote, as any Matrix user can craft the necessary display name or localpart to trigger the bypass. This allows an adversary to bring malicious or unauthorized content through the system without proper homeserver validation, potentially leading to unauthorized message delivery or identity spoofing.

Generated by OpenCVE AI on April 16, 2026 at 11:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.2 or newer, which contains the fix for the allowlist bypass.
  • If an upgrade cannot be performed immediately, disable the Matrix plugin to eliminate the attack surface until the patch can be applied.
  • Verify that DM allowlist checks require homeserver validation and do not rely solely on sender display names or localparts, and adjust the configuration accordingly.

Generated by OpenCVE AI on April 16, 2026 at 11:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-rmxw-jxxx-4cpc OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching
History

Wed, 11 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Mon, 09 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Thu, 05 Mar 2026 22:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Thu, 05 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate allowed identities by using attacker-controlled display names or matching localparts from different homeservers to reach the routing and agent pipeline.
Title OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-287
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-09T18:03:59.323Z

Reserved: 2026-02-27T19:19:25.571Z

Link: CVE-2026-28471

cve-icon Vulnrichment

Updated: 2026-03-09T18:03:54.927Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T22:16:20.817

Modified: 2026-03-11T16:18:31.117

Link: CVE-2026-28471

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T12:00:11Z

Weaknesses