CVE-2026-28469

7.5 HIGH

📋 TL;DR

OpenClaw versions before 2026.2.14 have a webhook routing flaw in the Google Chat monitor component: when several webhook targets are registered on the same HTTP path, an inbound event can be delivered to the wrong account context. Because allowlists and session policies are evaluated per account, the event is then checked against the wrong policy, which can expose data from, or trigger actions in, an account that should never have seen it. Only deployments with multiple webhook targets sharing an HTTP path are affected.

💻 Affected Systems

Products:
  • OpenClaw
Versions: All versions prior to 2026.2.14
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only configurations with multiple webhook targets sharing the same HTTP path in the Google Chat monitor component are exposed; a deployment with a single target per path has no routing ambiguity to exploit.

⚠️ Manual Verification Required

The NVD entry for this CVE carries no version range (no CPE match data), so scanners that key on NVD cannot decide on their own whether a given install is affected.

Why? The NVD record does not specify which versions are vulnerable. The vendor advisory does state the fixed release, 2026.2.14, so treat any earlier version that has multiple Google Chat webhook targets on one path as affected and confirm by hand.


Recommended Actions:
  1. Review the CVE details at NVD and the vendor advisory (GHSA-rq6g-px6m-c248)
  2. Run openclaw --version and compare the result against the fixed release 2026.2.14
  3. Inspect the Google Chat monitor configuration for webhook targets that share an HTTP path
  4. Update to 2026.2.14 or later; until then, give each target a unique path

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive data from other accounts, execute unauthorized actions in different organizational contexts, or bypass security controls entirely, leading to data breaches or system compromise.

🟠 Likely Case

Unauthorized access to webhook data from other accounts, policy bypass allowing actions that should be restricted, and potential data leakage between organizational contexts.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, but still potential for policy bypass as long as webhook paths are shared.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of webhook routing and ability to craft malicious webhook events.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.2.14

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-rq6g-px6m-c248

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update OpenClaw to version 2026.2.14 or later.
3. Restart OpenClaw services.
4. Verify webhook routing is functioning correctly.

🔧 Temporary Workarounds

Unique Webhook Paths

all

Ensure each webhook target has a unique HTTP path to prevent routing ambiguity

# Review and modify webhook configurations to use unique paths

Webhook Path Validation

all

Validate webhook paths when the configuration is loaded: reject, or at least alert on, any path that is registered by more than one target, so routing can never be ambiguous

# Add path validation in webhook configuration files

🧯 If You Can't Patch

  • Implement strict network segmentation between webhook targets
  • Enable detailed logging and monitoring of all webhook events

🔍 How to Verify

Check if Vulnerable:

Run openclaw --version and check whether it is earlier than 2026.2.14; then inspect the Google Chat monitor configuration for two or more webhook targets bound to the same HTTP path. Both conditions must hold for the system to be affected.
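The check above and the "Unique Webhook Paths" workaround both come down to the same audit: is the version below 2026.2.14, and does any HTTP path appear under more than one Google Chat webhook target? The script below is an added example, not OpenClaw's own code or tooling. The configuration layout it reads (channels.googlechat.accounts.<name>.webhookPath), the sample config, and the shape of the openclaw --version output are assumptions for illustration; point the accessor at the real config file and it reports every colliding path and whether the install is exposed.

```python
"""Static check for CVE-2026-28469 exposure: OpenClaw version below the
fixed release AND Google Chat webhook targets that share one HTTP path.

Added example, not OpenClaw's own code.  The config layout
(channels.googlechat.accounts.<name>.webhookPath) and the output format of
`openclaw --version` are assumptions; adapt the accessor to the real file.
"""
import json
import re
from collections import defaultdict

FIXED_VERSION = (2026, 2, 14)   # first release carrying the fix (from the advisory)

# Constructed sample config (assumed layout): two accounts listen on the same path,
# written once with and once without a trailing slash.
SAMPLE_CONFIG = json.loads("""
{
  "channels": {
    "googlechat": {
      "accounts": {
        "corp":     {"webhookPath": "/googlechat",  "allowlist": ["spaces/AAAA"]},
        "personal": {"webhookPath": "/googlechat/", "allowlist": ["spaces/BBBB"]},
        "lab":      {"webhookPath": "/googlechat-lab"}
      }
    }
  }
}
""")


def parse_version(text):
    """Extract the first X.Y.Z from e.g. 'openclaw 2026.2.13' as a tuple of ints.
    Calendar-style versions compare correctly as integer tuples (2026.2.9 < 2026.2.14),
    which a plain string comparison would get wrong."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version_text):
    return parse_version(version_text) >= FIXED_VERSION


def normalize_path(path):
    """Collapse spellings a router would treat as one route: '/a', 'a', '/a/' -> '/a'.
    Treating these as equal is an assumption about the router; it errs on the side
    of reporting a collision."""
    return "/" + path.strip("/")


def shared_webhook_paths(config):
    """Return {path: [account names]} for every path bound to more than one target."""
    accounts = config.get("channels", {}).get("googlechat", {}).get("accounts", {})
    by_path = defaultdict(list)
    for name, acct in accounts.items():
        path = acct.get("webhookPath")
        if path:
            by_path[normalize_path(path)].append(name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def assess(config, version_text):
    """Exposed only when BOTH conditions hold: unpatched and at least one shared path."""
    shared = shared_webhook_paths(config)
    patched = is_patched(version_text)
    return {
        "patched": patched,
        "shared_paths": shared,
        "exposed": (not patched) and bool(shared),
    }


if __name__ == "__main__":
    # In practice feed the output of `openclaw --version` and the loaded config file.
    result = assess(SAMPLE_CONFIG, "openclaw 2026.2.13")
    for path, names in result["shared_paths"].items():
        print(f"path {path} is shared by: {', '.join(names)}")
    print("exposed" if result["exposed"] else "not exposed")
```

A patched install with shared paths is reported as not exposed to this CVE but still lists the collisions, since the workaround (one unique path per target) remains good hygiene regardless of version.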

Check Version:

openclaw --version

Verify Fix Applied:

Verify that the OpenClaw version is 2026.2.14 or later; then send a test event to each configured webhook target and confirm it is processed under the account that owns that target, not a neighbouring one.

📡 Detection & Monitoring

Log Indicators:

  • Webhook events processed under unexpected account contexts
  • Policy bypass attempts in webhook logs
  • Multiple webhook targets configured with the same HTTP path

Network Indicators:

  • Unusual webhook traffic patterns
  • Webhook requests to unexpected endpoints

SIEM Query:

source="openclaw" AND (event_type="webhook" AND account_context_mismatch=true)
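The SIEM query above presumes a field that already flags the mismatch; most deployments will have to derive it. The script below is an added example, not OpenClaw's own code, showing the derivation over log lines: it inverts the per-account allowlists into a space-to-owner map and flags every webhook event handled under an account that does not own the originating space. The JSON-lines log shape (event, path, account, space) and the allowlist structure are assumptions; the sample log lines are constructed. Map the field names onto whatever your deployment actually emits.

```python
"""Log-side detection for CVE-2026-28469: webhook events processed under an
account context other than the one whose allowlist covers the originating space.

Added example, not OpenClaw's own code.  The log record shape
(event, path, account, space) and the allowlist-per-account layout are
assumptions; rename the fields to match the real logs.
"""
import json

# Assumed per-account Google Chat allowlists: which spaces each account may serve.
ACCOUNT_ALLOWLISTS = {
    "corp":     {"spaces/AAAA", "spaces/AAAB"},
    "personal": {"spaces/BBBB"},
}

# Constructed sample log.  Line 3 arrives on the shared path and is handled as "corp"
# although its space belongs only to "personal" (the misrouting this CVE describes);
# line 4 is handled for a space no allowlist contains at all.
SAMPLE_LOG = """\
{"ts":"2026-02-20T09:00:01Z","event":"webhook.received","path":"/googlechat","account":"corp","space":"spaces/AAAA"}
{"ts":"2026-02-20T09:00:02Z","event":"webhook.received","path":"/googlechat","account":"personal","space":"spaces/BBBB"}
{"ts":"2026-02-20T09:00:03Z","event":"webhook.received","path":"/googlechat","account":"corp","space":"spaces/BBBB"}
{"ts":"2026-02-20T09:00:04Z","event":"webhook.received","path":"/googlechat","account":"corp","space":"spaces/ZZZZ"}
{"ts":"2026-02-20T09:00:05Z","event":"health","path":"/healthz"}
"""


def space_owners(allowlists):
    """Invert {account: {spaces}} into {space: {accounts allowed to serve it}}."""
    owners = {}
    for account, spaces in allowlists.items():
        for space in spaces:
            owners.setdefault(space, set()).add(account)
    return owners


def find_misrouted(log_text, allowlists):
    """Return one finding per webhook event whose processing account does not own
    the event's space.  kind == "misrouted": some other account owns the space
    (the cross-account delivery this CVE enables).  kind == "unlisted": no account
    has the space on an allowlist, so the allowlist should have rejected it."""
    owners = space_owners(allowlists)
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event") != "webhook.received":
            continue                      # health checks and other noise
        account, space = rec.get("account"), rec.get("space")
        allowed = owners.get(space, set())
        if account in allowed:
            continue                      # routed to an owner: expected
        findings.append({
            "ts": rec["ts"],
            "path": rec["path"],
            "processed_as": account,
            "space": space,
            "expected": sorted(allowed),
            "kind": "misrouted" if allowed else "unlisted",
        })
    return findings


if __name__ == "__main__":
    for f in find_misrouted(SAMPLE_LOG, ACCOUNT_ALLOWLISTS):
        print(f"{f['ts']} {f['kind']}: {f['path']} handled as {f['processed_as']} "
              f"for {f['space']} (owners: {f['expected'] or 'none'})")
```

The "unlisted" class is worth keeping separate: on a patched build it should never appear, so a single hit after upgrading points at an allowlist gap rather than at this CVE.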
