CVE-2026-28474
Authentication Bypass in OpenClaw Nextcloud Talk via Display Name Spoofing
Publication date: 2026-03-05
Last updated on: 2026-05-06
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | < 2026.2.6 (fixed in 2026.2.6) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | Incorrect Authorization: the product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
The flaw is in OpenClaw's Nextcloud Talk plugin in versions before 2026.2.6. The plugin restricts who may use it through direct message (DM) and room allowlists, but when it validates the sender of an incoming Talk event it accepts an equality match against the actor.name field, which is the sender's display name. Unlike the user ID, the display name is mutable and under the user's own control, so it carries no identity guarantee. An attacker with a Nextcloud account therefore only has to change their display name to exactly match an allowlisted user ID: the allowlist check passes and they gain access to conversations the allowlist was meant to restrict.
How can this vulnerability impact me?
The impact is significant: any user who can set their own Nextcloud display name can impersonate an allowlisted user and reach private or restricted conversations. That can expose sensitive information, breach confidentiality, and allow misuse of communication channels that were supposed to be limited to a known set of users.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
First confirm exposure: the affected component is OpenClaw's Nextcloud Talk plugin, and every OpenClaw release before 2026.2.6 is affected, so compare the installed version against 2026.2.6. Then look for the attack itself on the Nextcloud side. On the Nextcloud server, `occ user:list` prints each account's user ID next to its display name; an account whose display name equals an allowlisted user ID while its own user ID is not on the allowlist is either a collision to investigate or an active spoofing attempt. The same comparison can be run over the plugin's record of received Talk events if it logs both the actor ID and the display name. This page does not give OpenClaw-specific commands.
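As an added example (not OpenClaw's code and not a reproduction of the actual fix), the following TypeScript models the allowlist check described in the explanation above, places the hardened form beside it, and implements the detection heuristic from the detection answer over a batch of events. It assumes the shape of a Nextcloud Talk bot webhook (an `actor` with an `id` of the form `users/<uid>` and a free-form `name`), assumes allowlist entries are bare Nextcloud user IDs, and uses invented function names; the sample events are constructed, not captured traffic.

```typescript
// Added example: not OpenClaw's code. Models the allowlist check this page
// describes and a detection heuristic for it. The webhook shape, the
// "users/<uid>" actor id format and the bare-user-ID allowlist are assumptions.

interface TalkActor {
  type: string;
  id: string;   // stable account identifier, assumed to look like "users/alice"
  name: string; // display name: user-editable, so it carries no identity guarantee
}

interface TalkWebhook {
  type: string;
  actor: TalkActor;
  object: { type: string; id: string; content: string };
  target: { type: string; id: string; name: string };
}

// Assumption: allowlist entries are bare Nextcloud user IDs.
const DM_ALLOWLIST: string[] = ["alice", "bob"];

// Assumption: actor.id is "users/<uid>". Any other format is returned
// unchanged, so an unexpected id fails closed instead of matching by accident.
function userIdFromActor(actor: TalkActor): string {
  const prefix = "users/";
  return actor.id.indexOf(prefix) === 0 ? actor.id.slice(prefix.length) : actor.id;
}

// Vulnerable check, modelled on the behaviour the page describes: an allowlist
// entry that equals the mutable display name is accepted as a match.
function isAllowedVulnerable(actor: TalkActor, allowlist: string[]): boolean {
  const uid = userIdFromActor(actor);
  return allowlist.some((entry) => entry === uid || entry === actor.name);
}

// Hardened check: only the stable user ID is consulted. The display name is
// never an input to authorization, whatever it is set to.
function isAllowedFixed(actor: TalkActor, allowlist: string[]): boolean {
  return allowlist.indexOf(userIdFromActor(actor)) !== -1;
}

// Detection over received events: a display name equal to an allowlisted user
// ID while the account itself is not allowlisted is the signature of this
// attack (exact, case-sensitive equality, as the page states).
function findSpoofAttempts(events: TalkWebhook[], allowlist: string[]): TalkWebhook[] {
  return events.filter(
    (ev) =>
      allowlist.indexOf(ev.actor.name) !== -1 &&
      allowlist.indexOf(userIdFromActor(ev.actor)) === -1,
  );
}

// Builds one constructed webhook event in the assumed shape.
function makeEvent(id: string, actorId: string, displayName: string, message: string): TalkWebhook {
  return {
    type: "Create",
    actor: { type: "Person", id: actorId, name: displayName },
    object: { type: "Note", id: id, content: JSON.stringify({ message: message }) },
    target: { type: "Collection", id: "roomtoken", name: "ops" },
  };
}

// Constructed sample events (not captured traffic). The second one is the
// attack: the account "mallory" has set its display name to "alice".
const SAMPLE_EVENTS: TalkWebhook[] = [
  makeEvent("1", "users/alice", "Alice", "status of the nightly build?"),
  makeEvent("2", "users/mallory", "alice", "status of the nightly build?"),
  makeEvent("3", "users/carol", "Carol", "hello"),
];

interface Decision { actorId: string; displayName: string; vulnerable: boolean; fixed: boolean }

// Runs both checks over a batch so the two behaviours can be compared side by side.
function decide(events: TalkWebhook[], allowlist: string[]): Decision[] {
  return events.map((ev) => ({
    actorId: ev.actor.id,
    displayName: ev.actor.name,
    vulnerable: isAllowedVulnerable(ev.actor, allowlist),
    fixed: isAllowedFixed(ev.actor, allowlist),
  }));
}

for (const d of decide(SAMPLE_EVENTS, DM_ALLOWLIST)) {
  console.log(`${d.actorId} name="${d.displayName}" vulnerable=${d.vulnerable} fixed=${d.fixed}`);
}
console.log("spoof attempts:", findSpoofAttempts(SAMPLE_EVENTS, DM_ALLOWLIST).map((e) => e.actor.id));
```

Run stand-alone, the legitimate `users/alice` event passes both checks, the `users/mallory` event with display name `alice` passes only the vulnerable check, and `users/carol` passes neither; `findSpoofAttempts` flags exactly the mallory event. The design point is that the hardened check never reads `actor.name` at all: comparing a user-controlled field with strict equality is still comparing a user-controlled field.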
What immediate steps should I take to mitigate this vulnerability?
Upgrade OpenClaw to 2026.2.6 or later; that is the first version in which the allowlist check is no longer satisfied by a display name. Until you can upgrade, treat the DM and room allowlists as unenforced: limit who can reach the bot by other means, such as which Nextcloud users and rooms the bot is added to, and make display names harder to abuse by disabling self-service display name changes in Nextcloud (the `allow_user_to_change_display_name` option in config.php). After upgrading, audit existing display names for collisions with allowlisted user IDs to catch attempts made before the fix.