CVE-2026-28454
📋 TL;DR
OpenClaw versions before 2026.2.2 fail to validate Telegram webhook secrets, allowing unauthenticated attackers to send forged Telegram updates. This bypasses sender allowlists and enables execution of privileged bot commands. Only systems with Telegram webhook mode enabled are affected.
💻 Affected Systems
- OpenClaw
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full control of the bot, executing arbitrary privileged commands, accessing sensitive data, and potentially compromising the underlying system.
Likely Case
Unauthorized execution of bot commands, data exfiltration, and privilege escalation within the bot's capabilities.
If Mitigated
Limited impact if webhook mode is disabled or proper network controls block external access.
🎯 Exploit Status
Exploitation requires sending crafted HTTP POST requests with spoofed JSON fields, which is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2026.2.2
Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-fhvm-j76f-qmjv
Restart Required: Yes
Instructions:
1. Update OpenClaw to version 2026.2.2 or later. 2. Restart the OpenClaw service. 3. Verify webhook secret validation is enabled.
🔧 Temporary Workarounds
Disable Telegram webhook mode
allSwitch to polling mode instead of webhook mode to eliminate the vulnerable endpoint.
Edit OpenClaw configuration to set 'telegram_webhook_enabled: false' and use polling.
Network access control
linuxRestrict access to the webhook endpoint using firewall rules or web application firewall.
iptables -A INPUT -p tcp --dport [WEBHOOK_PORT] -j DROP
Use WAF to block unauthorized POST requests.
🧯 If You Can't Patch
- Disable Telegram webhook mode immediately and switch to polling.
- Implement strict network segmentation and firewall rules to block all external access to the webhook endpoint.
🔍 How to Verify
Check if Vulnerable:
Check if OpenClaw version is below 2026.2.2 and Telegram webhook mode is enabled in configuration.Check Version:
openclaw --version or check package manager (e.g., dpkg -l | grep openclaw)Verify Fix Applied:
Confirm version is 2026.2.2 or later and test webhook endpoint rejects requests without valid secret.📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP POST requests to /webhook endpoint
- Failed webhook secret validation logs
- Unexpected bot command executions from unknown users
Network Indicators:
- HTTP POST requests to webhook endpoint with spoofed JSON payloads
- Traffic from unexpected IPs to webhook port
SIEM Query:
source="openclaw.log" AND ("webhook" AND "POST") AND NOT "valid secret"🔗 References
- https://github.com/openclaw/openclaw/commit/3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930
- https://github.com/openclaw/openclaw/commit/5643a934799dc523ec2ef18c007e1aa2c386b670
- https://github.com/openclaw/openclaw/commit/633fe8b9c17f02fcc68ecdb5ec212a5ace932f09
- https://github.com/openclaw/openclaw/commit/ca92597e1f9593236ad86810b66633144b69314d
- https://github.com/openclaw/openclaw/security/advisories/GHSA-fhvm-j76f-qmjv
- https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-unauthenticated-telegram-webhook
