Impact
The vulnerability allows attackers to bypass the sender policy allowlists configured for the Google Chat and Zalouser extensions in OpenClaw. By triggering a route-level group allowlist downgrade, the application silently falls back to an open policy, allowing the attacker to send messages to bots that would normally be blocked. This permits unauthorized interaction with bots and may lead to misuse or misdirection of bot functionality.
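To make the failure mode concrete, here is an added illustration (not OpenClaw's code, and the type and function names are hypothetical) of a sender-policy resolver whose route-level allowlist "downgrade" falls back to an open policy, beside a resolver that fails closed and records the downgrade so the misconfiguration is visible to operators.

```typescript
// Added illustration (not OpenClaw's code): a route-level allowlist
// "downgrade" that fails open, beside a fail-closed alternative.
// All type and function names here are hypothetical.

type SenderPolicy = "open" | "allowlist" | "disabled";

interface PolicyConfig {
  policy: SenderPolicy;
  allowFrom?: string[]; // sender ids permitted when policy is "allowlist"
}

interface Decision {
  allowed: boolean;
  effectivePolicy: SenderPolicy;
  reason: string;
}

// Vulnerable pattern: when the route-level allowlist cannot be applied
// (missing or empty), the resolver "downgrades" to the default, which is
// "open". An unlisted sender is then accepted with no error or log entry.
function resolveFailOpen(route: PolicyConfig | undefined, sender: string): Decision {
  const list = route?.allowFrom ?? [];
  if (route?.policy === "allowlist" && list.length > 0) {
    return { allowed: list.includes(sender), effectivePolicy: "allowlist", reason: "route allowlist" };
  }
  // BUG: the fallback is the most permissive policy, not the most restrictive one.
  return { allowed: true, effectivePolicy: "open", reason: "downgraded to open" };
}

// Hardened pattern: a policy that asks for an allowlist but cannot supply one
// is treated as "disabled" (fail closed), and the downgrade is recorded so an
// operator can detect the misconfiguration instead of learning of it from traffic.
function resolveFailClosed(route: PolicyConfig | undefined, sender: string, audit: string[]): Decision {
  if (route === undefined || route.policy === "disabled") {
    return { allowed: false, effectivePolicy: "disabled", reason: "no route policy" };
  }
  if (route.policy === "open") {
    return { allowed: true, effectivePolicy: "open", reason: "explicitly open" };
  }
  const list = route.allowFrom ?? [];
  if (list.length === 0) {
    audit.push(`allowlist policy has no entries; refusing sender ${sender}`);
    return { allowed: false, effectivePolicy: "disabled", reason: "allowlist unusable, failing closed" };
  }
  return { allowed: list.includes(sender), effectivePolicy: "allowlist", reason: "route allowlist" };
}
```

The audit entries written by the fail-closed resolver are the signal a defender should alert on: an allowlist policy that never has entries is a configuration defect, not a reason to accept all senders.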
Affected Systems
OpenClaw deployments running versions prior to 2026.3.28 with the Google Chat or Zalouser extension installed are affected. Any user of such a deployment who relies on sender policies to control bot access could be impacted. The issue resides in the core OpenClaw product and does not directly affect other products or services.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting a lower public exploitation risk at present. However, the attack can be carried out remotely by crafting messages that trigger the policy downgrade, and successful exploitation would allow the attacker to interact with bots without proper authorization. Based on the description, the likely vector is a remote attacker sending messages that trigger the downgrade, resulting in unauthorized bot communication.
OpenCVE Enrichment