DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-534w-2vm4-89xr: Authorization Bypass in OpenClaw Zalo Plugin

Vulnerability ID: GHSA-534W-2VM4-89XR
CVSS Score: 9.8
Published: 2026-03-03

A critical authorization bypass vulnerability exists in the Zalo plugin of OpenClaw. The plugin enforced its allowFrom sender allowlist only on direct messages; group message events skipped the check entirely, so any member of a Zalo group that contained the bot could issue commands and trigger agent actions regardless of whether they were on the allowlist.

TL;DR

The OpenClaw Zalo plugin did not validate sender identity for group messages. Any member of a Zalo group that contained the bot could bypass the allowFrom restriction and execute commands. Fixed in version 2026.2.25.


Technical Details

  • CWE ID: CWE-863
  • Attack Vector: Network
  • CVSS Score: 9.8 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Exploit Status: Active
  • Platform: Node.js

Affected Systems

  • OpenClaw Zalo Plugin
  • OpenClaw: < 2026.2.25 (Fixed in: 2026.2.25)

Code Analysis

Commit: b4010a0

fix(zalo): implement group policy and sender allowlist checks

const groupAccess = isGroup ? evaluateZaloGroupAccess(...) : undefined;
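The single line above is all the fix commit that this report quotes. To make the control flow concrete, the following is an added example written for this page; it is not OpenClaw's code and it does not reproduce the real plugin's data structures. It models the gap the advisory describes (allowFrom enforced only on direct messages) next to a hardened check in which group messages pass through a group-policy evaluation before any command runs, driven by the groupPolicy and groupAllowFrom settings listed under Mitigation Strategies below. The event shape, the helper names, and the policy values other than "allowlist" are assumptions.

```javascript
// Added example for GHSA-534w-2vm4-89xr; not OpenClaw's own code.
// Assumptions: the inbound event shape, the helper names, and the
// groupPolicy values "disabled" and "open" (only "allowlist" appears in
// the advisory). The config keys allowFrom, groupPolicy and groupAllowFrom
// are the ones the advisory names.

// Constructed inbound events, loosely shaped like a chat webhook payload.
// Field names are assumptions, not the real Zalo event format.
const EVENTS = [
  { type: "direct", senderId: "owner-1", text: "/run backup" },
  { type: "direct", senderId: "stranger-9", text: "/run backup" },
  { type: "group", groupId: "g-42", senderId: "owner-1", text: "/run backup" },
  { type: "group", groupId: "g-42", senderId: "stranger-9", text: "/run backup" },
];

// Vulnerable behaviour (before 2026.2.25): allowFrom is consulted only for
// direct messages, so every group member falls through and is accepted.
function isAuthorizedBefore(event, config) {
  if (event.type === "direct") {
    return config.allowFrom.includes(event.senderId);
  }
  return true; // group messages never hit the allowlist
}

// Hardened behaviour: group messages are gated by a group-policy check
// (the role of evaluateZaloGroupAccess in the fix commit). Unknown or
// missing policy values fail closed rather than open.
function evaluateGroupAccess(event, config) {
  const policy = config.groupPolicy ?? "disabled"; // assumed default: fail closed
  switch (policy) {
    case "disabled":
      return { allowed: false, reason: "group messages disabled" };
    case "allowlist":
      return (config.groupAllowFrom ?? []).includes(event.senderId)
        ? { allowed: true, reason: "sender on groupAllowFrom" }
        : { allowed: false, reason: "sender not on groupAllowFrom" };
    case "open":
      return { allowed: true, reason: "groupPolicy is open" };
    default:
      return { allowed: false, reason: `unknown groupPolicy ${policy}` };
  }
}

function isAuthorizedAfter(event, config) {
  if (event.type === "group") {
    return evaluateGroupAccess(event, config).allowed;
  }
  return config.allowFrom.includes(event.senderId);
}

// Runs one of the two checks over the constructed events and returns the
// senders that would be allowed to execute a command.
function acceptedSenders(check, config) {
  return EVENTS.filter((e) => check(e, config)).map((e) => `${e.type}:${e.senderId}`);
}

// The configuration the advisory recommends: allowlist policy, trusted IDs only.
const CONFIG = {
  allowFrom: ["owner-1"],
  groupPolicy: "allowlist",
  groupAllowFrom: ["owner-1"],
};

console.log("vulnerable check accepts:", acceptedSenders(isAuthorizedBefore, CONFIG));
console.log("hardened check accepts:  ", acceptedSenders(isAuthorizedAfter, CONFIG));
```

With the same configuration, the vulnerable check accepts group:stranger-9, a sender who is on neither allowlist, while the hardened check accepts only owner-1 in both direct and group contexts. Leaving groupPolicy unset in this model disables group commands altogether, which is the behaviour to prefer when a setting is missing: an authorization check that defaults to "allow" is exactly the class of bug this advisory describes.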

Mitigation Strategies

  • Update OpenClaw to version 2026.2.25 or later.
  • Set groupPolicy to allowlist.
  • Populate groupAllowFrom with trusted user IDs only.
  • Remove the bot from Zalo groups if group functionality is not required.
  • Note that the group policy and sender allowlist checks are introduced by the fix commit (b4010a0, "implement group policy and sender allowlist checks"); setting groupPolicy and groupAllowFrom on a vulnerable version has no effect, so upgrade first, and until then removing the bot from groups is the only effective stopgap.

Remediation Steps:

  1. Stop the OpenClaw service.
  2. Run npm update @openclaw/openclaw or yarn upgrade @openclaw/openclaw to pull the latest version.
  3. Verify that the installed version is 2026.2.25 or later (check the lockfile or the output of npm ls @openclaw/openclaw, not only the version range in package.json).
  4. Edit the configuration file to define groupPolicy and groupAllowFrom for the Zalo channel.
  5. Restart the service.

Read the full report for GHSA-534W-2VM4-89XR on our website for more details including interactive diagrams and full exploit analysis.
