Listen to this Post
How the mentioned CVE works
The vulnerability resides in the Google Chat webhook verification logic of the OpenClaw npm package.
Versions prior to 2026.3.22 improperly validated the issuer of add-on principals when handling app‑url webhooks.
The function `extensions/googlechat/src/auth.ts` did not enforce that the `expectedAddOnPrincipal` matched the incoming principal; any principal from a trusted issuer was accepted.
Because the deployment binding (the expected principal) was not checked, an attacker could present a valid add‑on principal belonging to a different deployment or even a third‑party Google Chat add‑on.
The webhook endpoint, defined in monitor-webhook.ts, passed the configured `appPrincipal` into the verification, but the auth layer failed to compare it against the caller’s principal.
As a result, any add‑on principal that passed basic issuer validation was granted access, bypassing the intended restriction that only the deployment‑specific add‑on should be allowed.
This effectively allowed unauthorized actors to invoke the webhook as if they were the legitimate add‑on, potentially triggering any actions exposed through the Google Chat integration.
The fix introduces a strict equality check: `expectedAddOnPrincipal` must match the principal extracted from the incoming request.
If the principal does not match the expected value, the verification fails immediately.
The commit `a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66` implements this change in `auth.ts` and ensures `monitor-webhook.ts` supplies the correct expected principal.
The patch was shipped in version 2026.3.22 and remains present in 2026.3.23 and 2026.3.23‑2.
All versions before 2026.3.22 are vulnerable to this authentication bypass.
dailycve form:
Platform: openclaw (npm)
Version: <2026.3.22
Vulnerability: Authentication Bypass
Severity: High
date: 2026-03-26
Prediction: 2026-03-22
What Undercode Say:
Check installed openclaw version
npm list openclaw
Verify fix commit is present
git show a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66
Simulate a webhook request with malicious principal
curl -X POST https://your-chat-webhook \
-H "Content-Type: application/json" \
-d '{"principal": "[email protected]"}'
Test if vulnerable: attempt webhook with unexpected principal
(should be rejected after patch)
Exploit:
An attacker obtains any valid Google Chat add‑on principal (e.g., from a different deployment or a public add‑on) and uses it in the `principal` field of a webhook request.
Because the vulnerable version does not compare the principal against the expected deployment‑bound principal, the request is accepted, allowing the attacker to execute any action exposed by the webhook (e.g., sending messages, accessing data, running commands).
No further authentication is required.
Protection from this CVE
Upgrade to OpenClaw version 2026.3.22 or later.
If upgrading is not immediately possible, review and restrict network access to the webhook endpoint, and ensure that the `appPrincipal` configuration is set to the exact service account expected for your deployment.
Monitor logs for unexpected webhook invocations.
Impact
Successful exploitation grants unauthorized access to the Google Chat webhook functionality.
An attacker can impersonate the trusted add‑on, leading to potential data leakage, arbitrary command execution (if the webhook triggers system actions), or abuse of any integrated services.
The confidentiality, integrity, and availability of the system may be compromised.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

