Description
OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent responses intended for configured senders, potentially bypassing access controls.
Published: 2026-06-16
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw prior to 2026.5.7 contains a flaw in its BlueBubbles component that allows conversation participants to match sender allowlist entries through mutable conversation metadata rather than by a stable sender identity. This flaw lets an attacker craft or alter conversation-level identifiers so that agent responses intended for authorized senders are routed to the attacker instead, effectively bypassing sender‑based access controls.

Affected Systems

The vulnerability affects all OpenClaw installations running any version older than 2026.5.7, regardless of the environment in which the Node.js application is deployed.

Risk and Exploitability

The CVSS score of 2.3 reflects a low overall impact, and the EPSS score of less than 1% indicates a very low probability of exploitation. The flaw is not listed in the CISA KEV catalog. Attacking this vulnerability would require an actor to participate in a conversation and manipulate its metadata; the likely attack vector is through the BlueBubbles API or user interface, exploiting the trust that the system places in conversation identifiers rather than authenticated sender identities.

Generated by OpenCVE AI on June 17, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.7 or later, which removes the mutable conversation identifier handling.
  • If an immediate upgrade is unavailable, reconfigure BlueBubbles to enforce strict sender identity verification and disregard conversation metadata when determining authorized recipients.
  • As a temporary containment, restrict user permissions to change conversation identifiers and monitor for anomalous messaging patterns that may indicate policy bypass attempts.

Generated by OpenCVE AI on June 17, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-8j37-5w68-wj2g OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers
History

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent responses intended for configured senders, potentially bypassing access controls.
Title OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-807
CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-16T19:33:35.725Z

Reserved: 2026-06-10T21:22:34.480Z

Link: CVE-2026-53860

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:17:03.573

Modified: 2026-06-16T20:42:46.200

Link: CVE-2026-53860

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:30:12Z

Weaknesses
  • CWE-807

    Reliance on Untrusted Inputs in a Security Decision

  • CWE-863

    Incorrect Authorization