OpenClaw, Authentication Bypass, CVE-pending (Critical)

Listen to this Post

The vulnerability resides in OpenClaw’s Telegram integration when webhook mode is enabled without a configured webhookSecret. In affected versions (≤ 2026.1.30), the endpoint that receives Telegram updates accepts any HTTP POST request without verifying the `X-Telegram-Bot-Api-Secret-Token` header. Telegram normally sends this header if a secret is set, but when no secret is configured, OpenClaw blindly trusts the entire JSON payload. An attacker who can reach the webhook URL can craft a forged update, spoofing critical fields such as `message.from.id` and chat.id. This allows impersonation of any Telegram user, including those on sender allowlists or paired users. Consequently, the attacker can execute privileged bot commands that are restricted to trusted identities. The impact depends on the enabled commands and network exposure, but in worst‑case scenarios it can lead to full system compromise. The fix in version 2026.2.1 (commit ca92597) enforces that `webhookSecret` must be set whenever `webhookUrl` is configured. Additional hardening commits include binding the webhook listener to loopback by default (5643a93), limiting request body size/time (3cbcba1), and adding a runtime guard that rejects startup if the secret is missing (633fe8b). These changes collectively prevent unauthenticated requests and reduce the attack surface.
Platform: OpenClaw npm
Version: <=2026.1.30
Vulnerability: Authentication Bypass
Severity: Critical
date: 2026-02-01

Prediction: 2026-02-01

What Undercode Say:

Exploit: Forge a Telegram update to impersonate an allowlisted user
curl -X POST https://victim-bot.example.com/telegram-webhook \
-H "Content-Type: application/json" \
-d '{"update_id":123456, "message":{"message_id":1, "from":{"id":987654321, "is_bot":false, "first_name":"Evil"}, "chat":{"id":987654321, "type":"private"}, "text":"/admin_command"}}'
Protection: Configure webhookSecret in OpenClaw config
cat <<EOF > config.json
{
"channels": {
"telegram": {
"webhookSecret": "your-strong-random-secret"
}
}
}
EOF
Ensure reverse proxy forwards the secret header (nginx example)
location /telegram-webhook {
proxy_set_header X-Telegram-Bot-Api-Secret-Token $http_x_telegram_bot_api_secret_token;
proxy_pass http://localhost:8080;
}

Exploit:

An attacker first discovers the publicly exposed webhook URL (e.g., through reconnaissance or misconfigured services). Without a webhookSecret, the endpoint accepts any POST request. The attacker crafts a JSON object mimicking a Telegram `Update` structure, setting `message.from.id` and `chat.id` to values that are allowlisted (e.g., the bot owner’s Telegram ID). The bot processes the forged update as if it came from a trusted source, executing any commands included in the `text` field. This can be repeated to run arbitrary bot functionality.

Protection from this CVE:

1. Immediately update OpenClaw to version ≥ 2026.2.1.

  1. If you cannot update, set a strong `channels.telegram.webhookSecret` and ensure your reverse proxy forwards the `X-Telegram-Bot-Api-Secret-Token` header unchanged.
  2. Restrict network access to the webhook endpoint (e.g., firewall rules, VPN) so only Telegram’s IP ranges can reach it.
  3. Monitor logs for unexpected POST requests to the webhook URL.
  4. Apply defense‑in‑depth measures: bind the webhook listener to localhost and limit request sizes as implemented in the supporting fixes.

Impact:

Successful exploitation allows an attacker to bypass sender allowlists, impersonate any Telegram user, and execute privileged bot commands. Depending on the bot’s capabilities, this can lead to unauthorized data access, system command execution, privilege escalation, or lateral movement within the network. The severity is critical because the vulnerability requires no prior authentication and can be triggered remotely if the webhook endpoint is exposed.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top