OpenClaw, Authorization Bypass, (No CVE) (Moderate)

Listen to this Post

How the mentioned CVE works

The vulnerability stems from Google Chat group authorization logic that relied on the mutable `displayName` property of spaces instead of stable, immutable identifiers. In affected versions (≤ 2026.3.24), access control decisions were bound to the human‑readable space name. An attacker could rename a space (e.g., change its `displayName` to match a targeted group) or exploit naming collisions to cause policy rebinding. When the name changed, the authorization policy would inadvertently re‑attach to a different space, granting unintended permissions. This bypass allowed unauthorized users to gain access to groups they should not have been part of. The issue was exacerbated by the lack of stable group ID validation during policy evaluation. The fix, introduced in commit 11ea1f6, replaces name‑based checks with deterministic group IDs, ensuring that policy bindings remain consistent regardless of display name mutations.

dailycve form

Platform: openclaw
Version: ≤ 2026.3.24
Vulnerability: Authz bypass via rebinding
Severity: Moderate
date: 2026-03-26

Prediction: Patch released 2026-03-29

What Undercode Say:

Check vulnerable version
git tag | grep v2026.3.24
Verify fix commit
git show 11ea1f67863d88b6cbcb229dd368a45e07094bff
Simulate policy rebinding (example)
curl -X PATCH "https://chat.googleapis.com/v1/spaces/SPACE_ID" \
-H "Authorization: Bearer $TOKEN" \
-d '{"displayName": "Target Group"}'

Exploit

An attacker renames a Google Chat space to match the displayName of a protected group. The authorization policy, bound to the name, then applies to the attacker‑controlled space, granting elevated privileges.

Protection from this CVE

Upgrade to `2026.3.25` or any version containing commit 11ea1f6. The fix enforces authorization based on immutable group IDs instead of mutable display names. Ensure that all policy evaluation logic references stable identifiers.

Impact

Unauthorized access to Google Chat groups, leading to data exposure, message interception, and privilege escalation within the OpenClaw integration.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top