OpenClaw Sender Policy Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sender policy bypass vulnerability that can be exploited by an attacker to bypass sender restrictions and interact with the bot...

CVE-2026-33578

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sender policy bypass vulnerability that can be exploited by an attacker to bypass sender restrictions and interact with the bot...

CVE-2026-28480

OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...