DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-RG8M-3943-VM6Q: GHSA-RG8M-3943-VM6Q: Authorization Bypass in OpenClaw Matrix Extension via Reply Context

#security #cve #cybersecurity #ghsa

GHSA-RG8M-3943-VM6Q: Authorization Bypass in OpenClaw Matrix Extension via Reply Context

Vulnerability ID: GHSA-RG8M-3943-VM6Q
CVSS Score: 5.1
Published: 2026-04-02

OpenClaw versions 2026.3.28 and earlier contain an improper authorization vulnerability in the Matrix extension. The application fails to validate the sender of threaded messages or reply contexts against the configured allowlist. This allows unauthorized attackers to inject arbitrary content into the AI assistant's context window when an authorized user interacts with an attacker's message.

TL;DR

A flaw in OpenClaw's Matrix message parsing allows unauthorized senders to inject malicious input into the AI agent's context by exploiting how the application fetches unvalidated reply and thread contexts.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-285, CWE-863
  • Attack Vector: Network
  • CVSS v4.0 Score: 5.1 (Medium)
  • Exploit Status: Proof-of-Concept Available
  • Impact: Authorization Bypass, Prompt Injection
  • Patch Status: Patched in v2026.3.31

Affected Systems

  • OpenClaw Matrix Extension
  • openclaw npm package
  • openclaw: <= 2026.3.28 (Fixed in: 2026.3.31)

Code Analysis

Commit: 8a563d6

Fix Matrix thread root and reply context bypass sender allowlist

Introduces shouldIncludeRoomContextSender in handler.ts and modifies resolveReplyContext/resolveThreadContext to extract senderId.
Enter fullscreen mode Exit fullscreen mode

Exploit Details

  • Regression Test PoC: Proof of concept demonstrating the bypass logic is included in the unit tests of the official fix commit.

Mitigation Strategies

  • Upgrade the openclaw npm package to version 2026.3.31 or later.
  • Enforce strict allowlisting by reviewing the groupAllowFrom and roomsConfig parameters.
  • Monitor application logs for the 'drop thread root context' intervention message.

Remediation Steps:

  1. Access the host environment running the OpenClaw application.
  2. Execute npm install openclaw@latest or specifically target npm install openclaw@2026.3.31.
  3. Review the application configuration file to ensure groupPolicy is set to 'allowlist'.
  4. Restart the OpenClaw service process.
  5. Verify the version deployment by checking the startup logs or querying the application endpoint if available.

References

Read the full report for GHSA-RG8M-3943-VM6Q on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)