OpenClaw, Weak Identity Binding, CVE-2026-25474 (Low)

Listen to this Post

The vulnerability CVE-2026-25474 resides in the Google Chat allowlisting functionality within the `extensions/googlechat/src/monitor.ts` component of OpenClaw and Clawdbot. The `allowFrom` check was designed to accept both immutable sender resource names (users/<id>) and raw email addresses ([email protected]) for usability. However, the system historically also treated entries formatted as `users/` as email allowlist entries. This created a weakness because `users/` looks like an immutable ID but is actually a mutable principal; an email address can be reassigned to a different underlying user account (with a new users/<id>) by an administrator. If a deployment assumed allowlists were strictly keyed by immutable principals, this assumption could be violated. An attacker with control over identity lifecycle management (e.g., Google Workspace admin) could potentially reassign a trusted email to a different account, gaining the privileges associated with that email in the allowlist. The fix deprecates treating `users/` as an email allowlist entry; it is now handled strictly as a user ID. Raw email allowlists remain supported, and documentation now recommends using `users/` when strict immutable binding is required .

dailycve form:

Platform: OpenClaw/Clawdbot
Version: <=2026.2.13/2026.1.24-3
Vulnerability: Weak Identity Binding
Severity: Low
date: 2026-02-14

Prediction: Patch expected 2026-02-14

(end of form)

What Undercode Say:

Analytics:

The vulnerability stems from ambiguous handling of principal identifiers. The function `allowFrom` in `monitor.ts` did not distinguish between a formatted immutable ID (users/12345) and a formatted email string (users/[email protected]). This flaw weakens defense-in-depth by allowing a mutable attribute (email) to be used where an immutable attribute (resource ID) was expected. Attackers require significant privileges (IdP admin) to exploit, but it lowers the barrier for lateral movement post-compromise.

Example of checking if a vulnerable version is installed
npm list openclaw | grep "openclaw@2"
npm list clawdbot | grep "clawdbot@2026"
Command to update to a patched version
npm install [email protected] --save
npm install [email protected] --save

How Exploit:

Attacker gains control over identity provider. Reassigns victim’s email to attacker-controlled account. Attacker sends message to Google Chat bot. Bot allowlist checks email, grants access. Attacker interacts with bot using stolen identity.

Protection from this CVE

Update to patched versions. Review allowlists for `users/` entries. Use strict `users/` for immutable binding.

Impact:

Bypass of allowlist restrictions. Unauthorized access to bot functionality. Increased risk in chained compromise scenarios.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top