Improper access control in OpenClaw - #VU132724
Published: May 29, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to bypass Telegram sender allowlist restrictions.
The vulnerability exists due to improper access control in Telegram interactive callbacks: callback invocations are processed before commands.allowFrom is applied. A remote user can invoke an affected callback to bypass Telegram sender allowlist restrictions.
Only configurations with the affected Telegram interactive callback feature enabled and reachable are vulnerable.
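The ordering problem described above, shown as an added example that is not OpenClaw's code: a dispatcher that routes callback updates before checking the sender allowlist, next to one that checks first. Only the setting name commands.allowFrom comes from the advisory; the function names, config layout and sample updates are assumptions, and the update objects follow the Telegram Bot API shape.

```javascript
// Added illustration, not OpenClaw source. All function names are hypothetical.
// Assumed config layout; only the key name commands.allowFrom is from the advisory.
const config = { commands: { allowFrom: [1001] } }; // constructed sender ID

// Stand-in for whatever a command or button press would trigger.
function runAction(name) { return `ran:${name}`; }

// Read the sender from either update type so one check covers both paths.
function senderOf(update) {
  const src = update.message ?? update.callback_query;
  return src && src.from ? src.from.id : undefined;
}

// Fail closed: an update with no identifiable sender is never allowed.
function isAllowed(update) {
  const id = senderOf(update);
  return id !== undefined && config.commands.allowFrom.includes(id);
}

// Flawed ordering: callback updates are dispatched before the allowlist is consulted.
function dispatchFlawed(update) {
  if (update.callback_query) return runAction(update.callback_query.data);
  if (!isAllowed(update)) return "denied";
  return runAction(update.message.text);
}

// Corrected ordering: the allowlist is enforced once, before any routing.
function dispatchFixed(update) {
  if (!isAllowed(update)) return "denied";
  const cb = update.callback_query;
  return runAction(cb ? cb.data : update.message.text);
}

// Constructed sample updates: sender 1001 is allowlisted, 2002 is not.
const samples = {
  allowedMsg: { message: { from: { id: 1001 }, text: "/status" } },
  strangerMsg: { message: { from: { id: 2002 }, text: "/status" } },
  allowedCallback: { callback_query: { from: { id: 1001 }, data: "approve" } },
  strangerCallback: { callback_query: { from: { id: 2002 }, data: "approve" } },
};

// Run every sample through both dispatchers and collect the outcomes.
function compare() {
  return Object.fromEntries(Object.entries(samples).map(
    ([name, u]) => [name, { flawed: dispatchFlawed(u), fixed: dispatchFixed(u) }]));
}

console.log(compare());
```

The two dispatchers differ only on strangerCallback, which makes that case a useful regression test when verifying that an allowlist covers callback updates as well as text commands.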