CVE Reports

Originally published at cvereports.com

GHSA-52Q4-3XJC-6778: Authorization Bypass via Mutable Metadata in OpenClaw Google Chat Integration

Vulnerability ID: GHSA-52Q4-3XJC-6778
CVSS Score: 8.1
Published: 2026-03-29

OpenClaw versions prior to 2026.3.25 suffer from an authorization bypass vulnerability in the Google Chat integration. The flaw occurs due to reliance on mutable room names for policy enforcement, allowing unprivileged users to escalate privileges by renaming chat spaces.

TL;DR

A flaw in OpenClaw's Google Chat extension (<= 2026.3.24) allows attackers to bypass authorization by renaming a chat space to match a privileged group name. This grants unauthorized access to AI agent tools and data. The vulnerability is fixed in version 2026.3.25.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-863, CWE-639
  • Attack Vector: Network
  • CVSS Score: 8.1
  • Impact: Authorization Bypass / Privilege Escalation
  • Exploit Status: Proof of Concept Available
  • KEV Status: Not Listed

Affected Systems

  • OpenClaw Google Chat Integration
  • Node.js npm openclaw package
  • openclaw: <= 2026.3.24 (Fixed in: 2026.3.25)

Code Analysis

Commit: 11ea1f6

Fix group policy rebinding vulnerability by enforcing stable groupId matching

The patch removes groupName and normalizedName from the candidates array used to match a policy entry and replaces that matching with a direct lookup of entries[groupId], paired with a deprecation validation fallback.

Mitigation Strategies

  • Upgrade the openclaw package to a patched version
  • Update configuration files to strictly use immutable space IDs

Remediation Steps:

  1. Audit the current deployment to determine the running openclaw version.
  2. Upgrade the openclaw npm dependency to version 2026.3.25 or higher.
  3. Query the Google Chat API to identify the stable Space IDs for all environments interacting with the bot.
  4. Modify the channels.googlechat.groups configuration to replace string-based display names with IDs in the spaces/XXXXXXXX format.
  5. Restart the OpenClaw agent service to apply the configuration modifications.
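
The lookup change described under Code Analysis, together with a key audit for remediation step 4, as an added JavaScript example (not OpenClaw's code and not taken from the commit). The function names, the shape of the groups object, the SPACE_ID pattern and all sample values are assumptions made for illustration.

```javascript
// Added illustration; not OpenClaw source. Config shape and names are assumptions.
const SPACE_ID = /^spaces\/[A-Za-z0-9_-]+$/; // assumed shape of a stable space ID

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const normalize = (s) => String(s || "").trim().toLowerCase();

// Name-based matching of the kind the advisory describes: the display name,
// which can be changed from inside the chat space, is accepted as a policy key.
function resolveByCandidates(entries, { groupId, groupName }) {
  const candidates = [groupId, groupName, normalize(groupName)];
  for (const key of candidates) {
    if (key && has(entries, key)) return entries[key];
  }
  return undefined;
}

// ID-only matching: only the immutable space ID can select a policy.
// The own-property check keeps inherited keys such as "constructor" from matching.
function resolveByGroupId(entries, { groupId }) {
  return has(entries, groupId) ? entries[groupId] : undefined;
}

// Audit helper for remediation step 4: list keys that are not space IDs.
function findNameBasedKeys(entries) {
  return Object.keys(entries).filter((key) => !SPACE_ID.test(key));
}

// Constructed sample config (all values are made up).
const groups = {
  "spaces/AAAAexample1": { allow: true, tools: ["search"] },
  "ops-admins": { allow: true, tools: ["search", "shell"] }, // display-name key
};

// Constructed event: a different space whose display name equals a policy key.
const event = { groupId: "spaces/BBBBexample2", groupName: "ops-admins" };

console.log("name-based:", resolveByCandidates(groups, event));
console.log("id-only:", resolveByGroupId(groups, event));
console.log("keys to migrate:", findNameBasedKeys(groups));
```

Any key reported by findNameBasedKeys is one that needs to be replaced with the corresponding space ID before relying on ID-only matching.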


Read the full report for GHSA-52Q4-3XJC-6778 on our website for more details including interactive diagrams and full exploit analysis.