
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-25PW-4H6W-QWVM: OpenClaw BlueBubbles Group Allowlist Bypass via DM Pairing Fallback


Vulnerability ID: GHSA-25PW-4H6W-QWVM
CVSS Score: 5.4
Published: 2026-03-03

A logic flaw in the authorization middleware of the OpenClaw BlueBubbles extension lets unauthorized users bypass group chat access controls. A trusted identity that a user established in a Direct Message (DM) context, stored in a local pairing store, incorrectly satisfies the authorization check in group chat contexts as well, even when a strict allowlist is configured. As a result, the groupPolicy allowlist provides no protection against any user who has previously paired with the assistant through a private channel.

TL;DR

Users paired with the OpenClaw assistant via private DMs can bypass strict allowlists in Group Chats due to an incorrect fallback in the authorization logic. Fixed in version 2026.2.25.
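The fallback described above, as an added illustration of the bug class rather than OpenClaw's own code: the vulnerable check falls through to the pairing store for every chat context, while the hardened check consults the pairing store only for DMs. The config keys groupPolicy, groupAllowFrom and dmPolicy are the ones the advisory names; the pairing-store shape, the ctx.isGroup flag and the function names are assumptions.

```javascript
// Added illustration of the advisory's bug class; not OpenClaw's own code.
// groupPolicy, groupAllowFrom and dmPolicy are the advisory's config keys;
// the pairing-store shape, ctx.isGroup and the function names are assumptions.

// Constructed configuration: strict group allowlist, DM pairing enabled.
const config = {
  dmPolicy: "pairing",
  groupPolicy: "allowlist",
  groupAllowFrom: ["+15550000001"],
};

// Constructed pairing store: an identity that completed DM pairing earlier.
const pairingStore = new Set(["+15550000002"]);

// Vulnerable shape: the group allowlist is checked, but a miss falls through
// to the pairing store, which was only ever meant to vouch for DM senders.
function isAuthorizedVulnerable(sender, ctx, cfg = config, paired = pairingStore) {
  if (ctx.isGroup && cfg.groupPolicy === "allowlist" && cfg.groupAllowFrom.includes(sender)) {
    return true;
  }
  // Fallback intended for DMs, but evaluated for group messages too.
  return cfg.dmPolicy === "pairing" && paired.has(sender);
}

// Hardened shape: each chat context is decided by its own policy, and the
// pairing store is consulted only for DMs. A group message from a sender who
// is not on groupAllowFrom is denied even if that sender is DM-paired.
function isAuthorizedFixed(sender, ctx, cfg = config, paired = pairingStore) {
  if (ctx.isGroup) {
    if (cfg.groupPolicy === "allowlist") return cfg.groupAllowFrom.includes(sender);
    return false; // assumption for this demo: any other group policy denies
  }
  return cfg.dmPolicy === "pairing" && paired.has(sender);
}

// Shows how each check treats a DM-paired, non-allowlisted sender in a group.
function groupBypassDemo(sender = "+15550000002") {
  const ctx = { isGroup: true };
  return {
    vulnerable: isAuthorizedVulnerable(sender, ctx),
    fixed: isAuthorizedFixed(sender, ctx),
  };
}
```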

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-285
  • Attack Vector: Network
  • CVSS Score: 5.4
  • Impact: Authorization Bypass
  • Affected Component: BlueBubbles Middleware
  • Exploit Status: PoC Available

Affected Systems

  • OpenClaw (npm package)
  • BlueBubbles Extension for OpenClaw
  • openclaw: < 2026.2.25 (Fixed in: 2026.2.25)

Mitigation Strategies

  • Upgrade OpenClaw to version 2026.2.25 or later.
  • Audit groupAllowFrom lists in openclaw.yaml.
  • Restrict dmPolicy to allowlist to prevent unauthorized pairing.

Remediation Steps:

  1. Stop the OpenClaw service.
  2. Run npm install openclaw@latest to fetch the patched version.
  3. Verify the version is >= 2026.2.25.
  4. Run openclaw doctor --fix to normalize user IDs in configuration.
  5. Restart the OpenClaw service.
