Description
A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.
Published: 2026-05-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerable function, handleBlueBubblesWebhookRequest, mismanages authentication and allows an attacker to bypass required credentials. An attacker can trigger the function remotely, gaining unauthorized access to system resources via the bluebubbles Webhook component. The weakness aligns with CWE-287, which signifies improper authentication controls.

Affected Systems

The vulnerability affects OpenClaw versions up to and including 2026.1.24, specifically the bluebubbles Webhook implementation located in extensions/bluebubbles/src/monitor.ts. Updating to OpenClaw 2026.2.12, which contains the patch a6653be0265f1f02b9de46c06f52ea7c81a836e6, resolves the issue.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate impact level. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog. The public exploit can be triggered remotely through the webhook endpoint, and no additional network segmentation or firewall rules are currently required to mitigate exploitation until a patch is applied.

Generated by OpenCVE AI on May 11, 2026 at 18:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.12, which includes the commit a6653be0265f1f02b9de46c06f52ea7c81a836e6 that fixes improper authentication in the bluebubbles Webhook component.
  • Re-enable or configure the bluebubbles Webhook only with audited authentication mechanisms, ensuring that any remaining webhook routes are protected by valid credentials.
  • If an immediate upgrade is not feasible, block all inbound traffic to the webhook endpoint using firewall or proxy rules until the update can be applied.

Generated by OpenCVE AI on May 11, 2026 at 18:45 UTC.

Advisories

No advisories yet.

History

Mon, 11 May 2026 19:15:00 +0000

Columns: Type / Values Removed / Values Added (the Values Removed column is empty for this entry)

Type: Metrics
Values added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 17:30:00 +0000

Columns: Type / Values Removed / Values Added (the Values Removed column is empty for this entry)

Type: Description
Values added: A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.

Type: Title
Values added: OpenClaw bluebubbles Webhook monitor.ts handleBlueBubblesWebhookRequest improper authentication

Type: First Time appeared
Values added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values added: CWE-287

Type: CPEs
Values added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values added: Openclaw; Openclaw openclaw

Type: References
Values added:

Type: Metrics
Values added:
  cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
  cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
  cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
  cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T18:26:10.409Z

Reserved: 2026-05-11T11:37:27.843Z

Link: CVE-2026-8305

Vulnrichment

Updated: 2026-05-11T18:26:06.088Z

NVD

Status: Received

Published: 2026-05-11T18:16:44.800

Modified: 2026-05-11T18:16:44.800

Link: CVE-2026-8305

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T19:15:42Z

Weaknesses