Impact
OpenClaw prior to 2026.5.7 contains a flaw in its BlueBubbles component that allows conversation participants to match sender allowlist entries through mutable conversation metadata rather than by a stable sender identity. This flaw lets an attacker craft or alter conversation-level identifiers so that agent responses intended for authorized senders are routed to the attacker instead, effectively bypassing sender‑based access controls.
Affected Systems
The vulnerability affects all OpenClaw installations running any version older than 2026.5.7, regardless of the environment in which the Node.js application is deployed.
Risk and Exploitability
The CVSS score of 2.3 reflects a low overall impact, and the EPSS score of less than 1% indicates a very low probability of exploitation. The flaw is not listed in the CISA KEV catalog. Attacking this vulnerability would require an actor to participate in a conversation and manipulate its metadata; the likely attack vector is through the BlueBubbles API or user interface, exploiting the trust that the system places in conversation identifiers rather than authenticated sender identities.
OpenCVE Enrichment
Github GHSA