CVE-2026-25474
Awaiting Analysis Awaiting Analysis - Queue
Authentication Bypass in OpenClaw Telegram Webhook Allows Spoofing

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: GitHub, Inc.

Description
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates (for example spoofing message.from.id). If an attacker can reach the webhook endpoint, they may be able to send forged updates that are processed as if they came from Telegram. Depending on enabled commands/tools and configuration, this could lead to unintended bot actions. Note: Telegram webhook mode is not enabled by default. It is enabled only when `channels.telegram.webhookUrl` is configured. This issue has been fixed in version 2026.2.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25474
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects OpenClaw, a personal AI assistant, in versions 2026.1.30 and below. When operating in Telegram webhook mode, if the configuration setting channels.telegram.webhookSecret is not set, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header.

As a result, if an attacker can reach the webhook endpoint, they can send forged Telegram updates that OpenClaw will process as if they came from Telegram itself. This can include spoofing the sender's identity (for example, message.from.id).

Because Telegram webhook mode is not enabled by default and only activates when channels.telegram.webhookUrl is configured, this vulnerability only applies in specific deployment scenarios. The issue was fixed in version 2026.2.1.

Impact Analysis

If an attacker can send forged Telegram updates to the vulnerable OpenClaw webhook endpoint, they may cause the bot to perform unintended actions.

The impact depends on the enabled commands, tools, and configuration of the bot. Because the attacker can spoof message senders, they might manipulate the bot into executing commands or actions that it would normally restrict or not perform.

This could lead to unauthorized bot behavior, potentially disrupting services or causing misuse of the bot's capabilities.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade OpenClaw to version 2026.2.1 or later, where the issue has been fixed.

Alternatively, ensure that the configuration parameter channels.telegram.webhookSecret is set when using Telegram webhook mode to enforce verification of Telegram's secret token header.

If Telegram webhook mode is not needed, avoid enabling it by not configuring channels.telegram.webhookUrl.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25474. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart