CVE-2026-33578
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlists downgrade to an open policy, allowing bypass of sender restrictions and interaction with bots. Affected components include extensions/googlechat/sr...