Executive Summary

CVE-2026-22170 is an access control bypass vulnerability in OpenClaw versions prior to 2026.2.22 when used with the optional BlueBubbles plugin. The issue arises when the allowFrom configuration is empty or unset, causing the dmPolicy pairing and allowlist restrictions to be ineffective.

Specifically, the authorization check for direct messages relies on functions that incorrectly allow messages from unauthorized senders if the allowlist is empty. This means remote attackers can send direct messages to BlueBubbles accounts without proper authorization.

The vulnerability is classified as CWE-863 (Incorrect Authorization) and was fixed by changing the allowlist validation logic to fail closed on empty allowlists, restoring the intended access control.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows remote attackers to bypass sender authorization checks and send direct messages to BlueBubbles accounts without permission.

The impact depends on the deployment context: it is medium severity because BlueBubbles is an optional plugin and many deployments use private, owner-controlled identities with limited external reachability.

However, if the BlueBubbles identifier is publicly reachable or if agent tool permissions are broad, the risk and potential impact increase, potentially allowing unauthorized communication or interaction.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves checking if the OpenClaw BlueBubbles plugin is running a version prior to 2026.2.22 and if the allowFrom configuration is empty or unset, which causes the access control bypass.

Since the vulnerability allows unauthorized direct messages to be sent by bypassing sender authorization checks, monitoring logs for unexpected or unauthorized direct messages to BlueBubbles accounts can help detect exploitation attempts.

Specifically, you can look for verbose logs related to blocked messages, pairing requests, or errors during pairing reply sending, as the patched versions added detailed logging for these events.

Commands to detect the vulnerability might include:

• Check the installed OpenClaw BlueBubbles plugin version: e.g., `npm list openclaw` or check the version in your deployment.
• Inspect the BlueBubbles configuration file or settings for the allowFrom parameter to verify if it is empty or unset.
• Review application logs for unexpected direct messages or pairing requests that indicate unauthorized access attempts.
• Use network monitoring tools to detect unusual direct message traffic to BlueBubbles accounts from unknown senders.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade the OpenClaw BlueBubbles plugin to version 2026.2.22 or later, where the vulnerability has been fixed by enforcing a fail-closed behavior on empty allowlists and refactoring the access control logic.

If immediate upgrade is not possible, ensure that the allowFrom configuration is not empty or unset to prevent the bypass of sender authorization checks.

Additionally, review and tighten network and application access controls to limit exposure of BlueBubbles identifiers, especially if they are publicly reachable.

Monitor logs for suspicious direct message activity and pairing requests to detect potential exploitation attempts.

Useful 0 Not Useful 0