OpenClaw Authorization Bypass Vulnerability in Signal Group Allowlist
Vulnerability
A vulnerability allowing authorization bypass in Signal group allowlist management has been identified in OpenClaw versions prior to 2026.2.26. The issue arises from incorrect handling of sender identities that were approved through the direct message (DM) pairing store. Exploiting it allows a sender to bypass group allowlist checks and gain unauthorized access to groups by leveraging a DM pairing approval.
Impact
Exploitation of this vulnerability weakens the authorization boundary between DM pairing and group membership: a DM pairing approval improperly influences the group allowlist evaluation. As a result, a sender can access a group without being explicitly allowed in that group's allowlist.
Reproduction
To reproduce this vulnerability, obtain a DM pairing approval from a user. Then send a message to a Signal group that has 'groupPolicy' set to 'allowlist' but does not include the sender in its allowlist. The message is accepted, demonstrating the bypass.
Remediation
Update to OpenClaw version 2026.2.26 or later, where this vulnerability has been patched.
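The authorization boundary described above, modelled as an added illustration that is not OpenClaw's own code: a check that consults the DM pairing store while evaluating a group message (the flawed shape) beside one that keeps group authorization scoped to the group allowlist (the fixed shape). Type names, function names and the sender identities are assumptions constructed for this example.

```typescript
// Illustrative model only; names and shapes are assumptions, not OpenClaw's code.
type GroupPolicy = "open" | "allowlist";

interface GroupConfig {
  groupPolicy: GroupPolicy;
  allowlist: string[]; // sender identities explicitly allowed in this group
}

interface PairingStore {
  approved: Set<string>; // sender identities approved via DM pairing
}

// DM authorization: the pairing store is the right source of truth here.
function isDmSenderAllowed(sender: string, pairing: PairingStore): boolean {
  return pairing.approved.has(sender);
}

// Flawed shape: a DM pairing approval leaks into the group allowlist decision,
// so a paired sender passes even though the group never listed them.
function isGroupSenderAllowedFlawed(
  sender: string,
  group: GroupConfig,
  pairing: PairingStore,
): boolean {
  if (group.groupPolicy === "open") return true;
  return group.allowlist.includes(sender) || pairing.approved.has(sender);
}

// Fixed shape: under groupPolicy "allowlist" only the group's own allowlist
// decides; the pairing store is not consulted at all.
function isGroupSenderAllowedFixed(sender: string, group: GroupConfig): boolean {
  if (group.groupPolicy === "open") return true;
  return group.allowlist.includes(sender);
}

// Scenario mirroring the Reproduction section, with constructed identities.
function reproductionScenario() {
  const group: GroupConfig = { groupPolicy: "allowlist", allowlist: ["+15550000001"] };
  const pairing: PairingStore = { approved: new Set(["+15550000002"]) };
  const pairedButNotListed = "+15550000002";
  return {
    dmAllowed: isDmSenderAllowed(pairedButNotListed, pairing),
    groupFlawed: isGroupSenderAllowedFlawed(pairedButNotListed, group, pairing),
    groupFixed: isGroupSenderAllowedFixed(pairedButNotListed, group),
  };
}
```

The useful regression check for a deployment is the third field: a sender who is paired for DMs but absent from the group allowlist must be rejected for group messages.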
