Authentication Bypass by Spoofing in OpenClaw - #VU132722


Published: May 29, 2026


Vulnerability identifier: #VU132722
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-290
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to gain access intended for another Matrix identity.

The vulnerability exists due to authentication bypass by spoofing in the Matrix allowFrom feature, which matches policy entries against mutable display-name metadata. A remote user can change their display-name metadata to gain access intended for another Matrix identity.

Exploitation is possible only when the affected feature is enabled and reachable.
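To make the CWE-290 pattern concrete, the following constructed example (not OpenClaw's code; the policy entries, user IDs and events are made up) places an allow-list check that matches on display name beside one that matches only the homeserver-asserted Matrix user ID, and adds a small detection helper that flags senders whose display name collides with an allow-listed identity.

```python
"""Matrix allowFrom check: mutable display name vs. homeserver-asserted MXID.

Constructed example, not OpenClaw's code; the policy and events below are made up.
"""
import re
from dataclasses import dataclass

# A Matrix user ID (MXID) has the form "@localpart:server" and is asserted by the homeserver.
MXID_RE = re.compile(r"^@[^:\s]+:\S+$")

@dataclass(frozen=True)
class MatrixEvent:
    sender: str        # MXID; a user cannot send as another user's MXID
    display_name: str  # profile metadata the sender may change at any time

def allowed_by_display_name(event: MatrixEvent, allow_from: list[str]) -> bool:
    """Vulnerable pattern (CWE-290): a policy entry matches either the MXID or the display name.
    Since anyone can rename themselves to a listed name, the check is spoofable."""
    return any(
        entry == event.sender or entry.casefold() == event.display_name.casefold()
        for entry in allow_from
    )

def allowed_by_mxid(event: MatrixEvent, allow_from: list[str]) -> bool:
    """Hardened pattern: compare only the sender MXID against well-formed MXID entries.
    Bare-name entries never grant access, so a misconfigured policy fails closed."""
    mxids = {entry for entry in allow_from if MXID_RE.match(entry)}
    return event.sender in mxids

def spoof_indicators(events: list[MatrixEvent], allow_from: list[str]) -> list[MatrixEvent]:
    """Detection aid: events whose display name collides with a listed identity
    (a bare-name entry or the localpart of a listed MXID) while the sender is not allow-listed."""
    mxids = {entry for entry in allow_from if MXID_RE.match(entry)}
    names = {entry.casefold() for entry in allow_from if entry not in mxids}
    names |= {m[1:].split(":", 1)[0].casefold() for m in mxids}
    return [
        ev for ev in events
        if ev.sender not in mxids and ev.display_name.casefold() in names
    ]

if __name__ == "__main__":
    policy = ["@alice:example.org", "Alice"]  # constructed allowFrom policy
    legit = MatrixEvent("@alice:example.org", "Alice")
    spoof = MatrixEvent("@mallory:evil.example", "Alice")  # renamed to look like Alice
    print(allowed_by_display_name(spoof, policy))  # True  (bypass)
    print(allowed_by_mxid(spoof, policy))          # False (blocked)
    print(spoof_indicators([legit, spoof], policy) == [spoof])  # True
```

Operators should list allow-listed senders as full MXIDs; with the hardened check a bare name in the policy grants nothing rather than matching loosely.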


Remediation

Install the security update from the vendor's website.

Sources