CVE-2026-26316

CVE-2026-26316 is an authorization vulnerability (CWE-863) in OpenClaw, a personal AI assistant, affecting versions prior to 2026.2.13. The issue resides in the optional BlueBubbles iMessage channel plugin, which accepts incoming webhook requests as authenticated solely based on the TCP peer address matching loopback interfaces (127.0.0.1, ::1, or ::ffff:127.0.0.1), even if the configured webhook secret is missing or incorrect. This flaw does not impact the default iMessage integration and requires the BlueBubbles plugin to be explicitly installed and enabled.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating exploitation over the network with low complexity, no privileges or user interaction required. Remote attackers can exploit it by sending crafted webhook requests to a loopback-bound OpenClaw Gateway instance that is exposed indirectly, such as through a public-facing reverse proxy lacking strong upstream authentication. Successful exploitation allows attackers to bypass authentication, enabling high-impact integrity violations, such as injecting unauthorized commands or data via the iMessage channel.

Mitigations are detailed in the OpenClaw GitHub security advisory (GHSA-pchc-86f6-8758) and associated commits. Administrators should upgrade to version 2026.2.13, which includes fixes via commits 743f4b28495cdeb0d5bf76f6ebf4af01f6a02e5a and f836c385ffc746cb954e8ee409f99d079bfdcd2f. Additional workarounds involve configuring a non-empty BlueBubbles webhook secret and avoiding deployments where public reverse proxies forward traffic to loopback-bound Gateways without robust authentication controls.