FKIE_CVE-2026-25474

Vulnerability from fkie_nvd - Published: 2026-02-19 07:17 - Updated: 2026-02-19 20:13
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates (for example spoofing message.from.id). If an attacker can reach the webhook endpoint, they may be able to send forged updates that are processed as if they came from Telegram. Depending on enabled commands/tools and configuration, this could lead to unintended bot actions. Note: Telegram webhook mode is not enabled by default. It is enabled only when `channels.telegram.webhookUrl` is configured. This issue has been fixed in version 2026.2.1.
References
security-advisories@github.comhttps://github.com/openclaw/openclaw/commit/3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930Patch
security-advisories@github.comhttps://github.com/openclaw/openclaw/commit/5643a934799dc523ec2ef18c007e1aa2c386b670Patch
security-advisories@github.comhttps://github.com/openclaw/openclaw/commit/633fe8b9c17f02fcc68ecdb5ec212a5ace932f09Patch
security-advisories@github.comhttps://github.com/openclaw/openclaw/commit/ca92597e1f9593236ad86810b66633144b69314dPatch
security-advisories@github.comhttps://github.com/openclaw/openclaw/releases/tag/v2026.2.1Product, Release Notes
security-advisories@github.comhttps://github.com/openclaw/openclaw/security/advisories/GHSA-mp5h-m6qj-6292Exploit, Mailing List, Patch, Vendor Advisory
Impacted products
Vendor Product Version
openclaw openclaw *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "2E1A32AB-BFE5-4510-B02F-4E8D6440EC83",
              "versionEndExcluding": "2026.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram\u2019s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates (for example spoofing message.from.id). If an attacker can reach the webhook endpoint, they may be able to send forged updates that are processed as if they came from Telegram. Depending on enabled commands/tools and configuration, this could lead to unintended bot actions. Note: Telegram webhook mode is not enabled by default. It is enabled only when `channels.telegram.webhookUrl` is configured. This issue has been fixed in version 2026.2.1."
    },
    {
      "lang": "es",
      "value": "OpenClaw es un asistente personal de IA. En las versiones 2026.1.30 e inferiores, si channels.telegram.webhookSecret no est\u00e1 configurado cuando se encuentra en modo webhook de Telegram, OpenClaw puede aceptar solicitudes HTTP de webhook sin verificar el encabezado del token secreto de Telegram. En implementaciones donde el endpoint del webhook es accesible por un atacante, esto puede permitir actualizaciones falsificadas de Telegram (por ejemplo, suplantando message.from.id). Si un atacante puede alcanzar el endpoint del webhook, podr\u00eda enviar actualizaciones falsificadas que se procesan como si provinieran de Telegram. Dependiendo de los comandos/herramientas habilitados y la configuraci\u00f3n, esto podr\u00eda llevar a acciones no intencionadas del bot. Nota: El modo webhook de Telegram no est\u00e1 habilitado por defecto. Se habilita solo cuando \u0027channels.telegram.webhookUrl\u0027 est\u00e1 configurado. Este problema ha sido solucionado en la versi\u00f3n 2026.2.1."
    }
  ],
  "id": "CVE-2026-25474",
  "lastModified": "2026-02-19T20:13:13.640",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-19T07:17:45.847",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/5643a934799dc523ec2ef18c007e1aa2c386b670"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/633fe8b9c17f02fcc68ecdb5ec212a5ace932f09"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/ca92597e1f9593236ad86810b66633144b69314d"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mp5h-m6qj-6292"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.