OpenClaw BlueBubbles iMessage Channel Webhook Authentication Bypass Vulnerability
Vulnerability
A vulnerability exists in the OpenClaw personal AI assistant's BlueBubbles iMessage channel plugin, prior to version 2026.2.13. The plugin could treat a webhook request as authenticated solely because its TCP peer address was a loopback address, even when no valid webhook secret was configured or presented. This flaw does not affect the default iMessage integration unless the BlueBubbles channel is active.
Impact
Exploitation of this vulnerability could allow an unauthenticated party to send webhook events to the OpenClaw agent pipeline, potentially injecting false data or triggering actions within the application.
Reproduction
The vulnerability can be reproduced by sending a webhook request to the BlueBubbles endpoint from a loopback address, such as 127.0.0.1. If the request is not authenticated with a webhook password, the server will accept it, bypassing the intended authentication mechanism. This can be done manually or through a script that sends HTTP requests with the appropriate headers, simulating a webhook event.
Remediation
Users should update to OpenClaw version 2026.2.13 or later. Additionally, set a non-empty BlueBubbles webhook password and avoid using a public-facing reverse proxy that forwards to a loopback-bound Gateway without strong upstream authentication.