CVE Reports

Posted on • Originally published at cvereports.com

GHSA-JWF4-8WF4-JF2M: Critical Authorization Bypass in OpenClaw BlueBubbles Plugin

Vulnerability ID: GHSA-JWF4-8WF4-JF2M
CVSS Score: 9.8
Published: 2026-03-04

A critical access-control vulnerability exists in the OpenClaw BlueBubbles plugin due to a logic error in the shared authorization utility. When the allowlist configuration is empty, the check fails open, so remote users who appear on no allowlist bypass the Direct Message (DM) gating policy. Arbitrary unauthenticated users can therefore interact with the AI assistant, potentially triggering sensitive actions or accessing private data.

TL;DR

The OpenClaw BlueBubbles plugin fails to enforce access controls when the allowed sender list is empty. Due to a 'fail-open' logic error in the underlying SDK, unconfigured instances accept DMs from any source, granting full interaction with the AI assistant.

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-863
  • Attack Vector: Network
  • CVSS: 9.8 (Critical)
  • Impact: Authorization Bypass
  • Exploit Status: PoC Available
  • Fix Complexity: Low (Logic Update)

Affected Systems

  • OpenClaw (Core)
  • OpenClaw BlueBubbles Plugin
  • OpenClaw: < Feb 22, 2026 (Fixed in: commit 9632b9b)

Code Analysis

Commit: 9632b9b

Fix: fail closed parsed chat allowlist

export function isAllowedParsedChatSender(...) {
-  if (allowFrom.length === 0) { return true; }
+  if (allowFrom.length === 0) { return false; }
+  if (allowFrom.includes("*")) { return true; }
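Review bot: the new `allowFrom.length === 0` branch now rejects every DM silently, which is the right default but leaves an operator whose allowlist file is simply empty unable to tell a misconfiguration from an ordinary deny; consider emitting a one-time configuration warning in that branch before `return false;`, and documenting that `"*"` is now the only way to admit all senders, since deployments that relied on the old empty-means-allow behaviour will stop receiving DMs after upgrade. A regression test covering the empty list, the `"*"` wildcard, and a sender that is not listed would pin the fail-closed behaviour.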

Exploit Details

Mitigation Strategies

  • Update OpenClaw and plugins to the latest version immediately.
  • Explicitly configure the allowlist to include at least one trusted sender.
  • Audit logs for unauthorized interaction attempts prior to patching.

Remediation Steps:

  1. Pull the latest changes from the openclaw/openclaw repository.
  2. Verify the version includes commit 9632b9bcf032c5f2280c3103961fde912ab1f920.
  3. Run openclaw security audit to verify configuration safety.
  4. Check ~/.openclaw/credentials/bluebubbles-allowlist.json to ensure it is not empty if dmPolicy is set to allowlist.
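The fail-open check quoted under Code Analysis beside its fail-closed replacement, together with a configuration audit matching remediation step 4 and a log-review helper, as an added example that is not OpenClaw's own code. The sender normalization, the `{ dmPolicy, allowFrom }` config shape and the sample senders are assumptions made for this illustration; only the empty-list and `"*"` branches mirror the commit.

```javascript
// Added example, not OpenClaw's own code. Sender normalization and the
// config shape below are assumptions; the allowlist branches mirror the fix.

function normalizeSender(sender) {
  return String(sender).trim().toLowerCase();
}

// Before the fix: an empty allowlist admits every sender (fail-open).
function isAllowedVulnerable(sender, allowFrom) {
  if (allowFrom.length === 0) { return true; }
  return allowFrom.includes(normalizeSender(sender));
}

// After the fix: an empty allowlist admits nobody (fail-closed), and only an
// explicit "*" entry opts in to every sender.
function isAllowedFixed(sender, allowFrom) {
  if (allowFrom.length === 0) { return false; }
  if (allowFrom.includes("*")) { return true; }
  return allowFrom.includes(normalizeSender(sender));
}

// Configuration check (remediation step 4): an allowlist policy with an
// empty list is a misconfiguration on both unpatched and patched builds.
function auditAllowlistConfig(config) {
  const allowFrom = config.allowFrom ?? [];
  if (config.dmPolicy === "allowlist" && allowFrom.length === 0) {
    return "dmPolicy=allowlist with empty allowFrom: fail-open on unpatched builds, denies everyone on patched builds";
  }
  if (allowFrom.includes("*")) {
    return "allowFrom contains \"*\": every sender is admitted by design";
  }
  return "ok";
}

// Log-review helper: given senders seen in DM logs, return those the
// vulnerable logic admitted but the fixed logic rejects. These are the
// interactions worth reviewing on an instance that ran unpatched.
function sendersAdmittedOnlyByBug(senders, allowFrom) {
  return senders.filter(
    (s) => isAllowedVulnerable(s, allowFrom) && !isAllowedFixed(s, allowFrom)
  );
}

// Constructed sample data.
const emptyConfig = { dmPolicy: "allowlist", allowFrom: [] };
const observedSenders = ["owner@example.com", "unknown@example.net"];
console.log(auditAllowlistConfig(emptyConfig));
console.log(sendersAdmittedOnlyByBug(observedSenders, emptyConfig.allowFrom));
```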
