CVE-2026-28454
Authentication Bypass in OpenClaw Telegram Webhook Enables Command Injection
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to 2026.2.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects OpenClaw versions prior to 2026.2.2 when Telegram webhook mode is enabled. The software fails to validate webhook secrets, allowing unauthenticated HTTP POST requests to the webhook endpoint. Attackers can send malicious JSON payloads that spoof the message.from.id and chat.id fields, bypassing sender allowlists and enabling execution of privileged bot commands.
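The answer above comes down to one missing check: the webhook handler trusted the `message.from.id` and `chat.id` fields of any POST body without first confirming that the POST came from Telegram. The following is an added illustration, not OpenClaw's code and not a reconstruction of its fix. It assumes a hypothetical handler `handle_update` and a constructed allowlist; the one real detail it relies on is that the Telegram Bot API lets a deployment register a secret with `setWebhook` and then echoes it back in the `X-Telegram-Bot-Api-Secret-Token` header of every delivered update. The point shown is ordering: origin verification of the request must succeed before the sender allowlist is consulted, and the handler fails closed when no secret has been configured.

```python
import hmac
import json
from typing import Optional

# Telegram sends the secret registered via setWebhook(secret_token=...) in this
# request header on every update it delivers (documented Bot API behaviour).
SECRET_HEADER = "X-Telegram-Bot-Api-Secret-Token"

# Constructed sample allowlist of Telegram user IDs allowed to run privileged commands.
ALLOWED_SENDERS = {111111111}

# Constructed sample update whose from.id / chat.id match an allowlisted user.
# Anyone on the internet can craft such a body; only the header ties it to Telegram.
SPOOFED_UPDATE = json.dumps({
    "update_id": 1,
    "message": {
        "from": {"id": 111111111},
        "chat": {"id": 111111111},
        "text": "/admin reload",
    },
}).encode()


def verify_webhook_secret(headers: dict, configured_secret: Optional[str]) -> bool:
    """Return True only if the request carries the expected secret token.

    Fails closed: with no secret configured nothing is accepted, because the
    header is the only evidence that the POST originated from Telegram rather
    than from an arbitrary client.
    """
    if not configured_secret:
        return False
    # HTTP header names are case-insensitive; normalise before comparing.
    presented = next(
        (v for k, v in headers.items() if k.lower() == SECRET_HEADER.lower()), ""
    )
    # Constant-time comparison avoids leaking the secret through timing.
    return hmac.compare_digest(presented.encode(), configured_secret.encode())


def handle_update(headers: dict, body: bytes, configured_secret: Optional[str]) -> str:
    """Process one webhook POST and return a short disposition string (hypothetical handler)."""
    # Step 1: origin check. Without it, every field below is attacker-controlled.
    if not verify_webhook_secret(headers, configured_secret):
        return "rejected: bad or missing webhook secret"
    try:
        update = json.loads(body)
    except ValueError:
        return "rejected: malformed JSON"
    message = update.get("message") or {}
    sender_id = (message.get("from") or {}).get("id")
    text = message.get("text", "")
    # Step 2: the allowlist only means something once step 1 has passed;
    # on its own it is defeated by a spoofed from.id.
    if sender_id not in ALLOWED_SENDERS:
        return "ignored: sender not allowlisted"
    if text.startswith("/"):
        return f"executed privileged command {text.split()[0]} for {sender_id}"
    return "ok: plain message"


if __name__ == "__main__":
    # Same spoofed body, three deployments: no secret header, correct header, no secret configured.
    print(handle_update({}, SPOOFED_UPDATE, "s3cret"))
    print(handle_update({SECRET_HEADER: "s3cret"}, SPOOFED_UPDATE, "s3cret"))
    print(handle_update({SECRET_HEADER: "s3cret"}, SPOOFED_UPDATE, None))
```

The first call shows the pre-fix failure mode turned into a rejection: a body with a trusted `from.id` but no secret header never reaches the allowlist or the command dispatcher. The third call shows why the handler should refuse to run at all when the operator has not registered a secret, rather than silently accepting every POST.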
How can this vulnerability impact me?
The vulnerability allows remote attackers to impersonate trusted Telegram users by spoofing critical identifiers in webhook messages. This can lead to unauthorized execution of privileged commands on the bot, potentially compromising the bot's functionality, data integrity, and security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know