Listen to this Post
In specific LINE configurations, a vulnerability exists where sender IDs approved through Direct Message (DM) pairing could also inadvertently satisfy group allowlist checks. The root cause is a scope mismatch in the authorization logic; the group allowlist composition incorrectly inherited entries from the pairing-store that were intended only for DM approvals. Under the default DM pairing policy, this meant a sender who was paired via DM could automatically match the criteria for group sender access. This bypasses the operator’s expectation that group sender access should be strictly limited to explicit group allowlists. The flaw essentially allows a DM-paired sender to be treated as authorized in group contexts without being on the explicit group list.
Platform: openclaw npm
Version: <= 2026.2.25
Vulnerability: Authorization Bypass
Severity: Low
Date: 2026-03-04
Prediction: Patch 2026.2.26
What Undercode Say:
Analytics
To identify if your OpenClaw instance is affected by this specific authorization bypass, you can perform the following checks. First, verify the installed version, as versions up to and including 2026.2.25 are vulnerable. Then, review your LINE policy configurations to see if the group allowlist is implicitly relying on DM pairing data. The following commands can help audit your setup.
Check the currently installed version of OpenClaw openclaw --version If the version is 2026.2.25 or lower, the system is vulnerable. Expected output example: 2026.2.25 Examine the LINE policy configuration file for potential misconfiguration. Look for any inheritance or sharing of allowlist/pairing stores. cat ~/.openclaw/policies/line-config.yaml | grep -A 5 -B 5 "allowlist" Check the commit history to see if the fix has been manually applied. The fix is identified by specific commit hashes. git log --oneline | grep -E "8bdda7a6|892a9c24"
Exploit
An attacker who has successfully DM-paired with a target OpenClaw instance can exploit this flaw to gain unauthorized access to groups. The exploit relies on the vulnerable logic where the group allowlist check incorrectly considers the DM pairing store as a source of truth. By simply being a DM-paired sender, the attacker’s ID is automatically trusted by the group authorization mechanism, bypassing any explicit group-level restrictions the operator intended to enforce.
Scenario: An attacker with a DM-paired ID (e.g., 'malicious_user') attempts to interact with a group.
The vulnerable system checks the group allowlist, which is improperly merged with DM approvals.
The attacker's ID is found in the DM store, so access is granted.
This can be simulated by attempting to send a command to the bot from within a group context.
If the bot responds despite the attacker not being on the group allowlist, the system is vulnerable.
curl -X POST http://localhost:8080/api/line/webhook \
-H "Content-Type: application/json" \
-d '{
"events": [
{
"type": "message",
"source": {
"groupId": "restricted_group_123",
"userId": "malicious_user"
},
"message": {
"text": "@bot execute admin_command"
}
}
]
}'
Protection
To protect against this vulnerability, administrators must update to the patched version. The fix isolates the group allowlist composition from the DM pairing-store entries, ensuring that group sender access is scoped only to explicit group allowlists. Upgrading to version 2026.2.26 or later will apply the necessary code changes, which centralize shared DM/group composition to preserve DM-only pairing behavior and include regression coverage for LINE policy paths.
Update OpenClaw to the patched version using npm. This will install version 2026.2.26 or later. npm install -g openclaw@latest After updating, verify the installation. openclaw --version Expected output should be 2026.2.26 or higher. Restart the OpenClaw service to ensure the new version is active. systemctl --user restart openclaw-gateway Confirm the fix commits are present in the local repository (if applicable). git pull origin main git log --oneline -n 5 | head -5 You should see commits: 892a9c24 (follow-up refactor hardening) 8bdda7a6 isolate group allowlist composition from pairing-store entries
Impact
The impact of this vulnerability is a breach of intended authorization boundaries. It allows a sender who has been DM-paired to potentially interact with and send messages to groups from which they should be explicitly blocked. This undermines the security model where group access is tightly controlled by allowlists, as a DM relationship now implicitly grants broader group privileges. This can lead to unauthorized information disclosure within groups or the execution of commands in a group context by an uninvited or untrusted participant .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

