OpenClaw Authorization Bypass Vulnerability via DM Pairing-Store Fallback in Group Allowlist
Vulnerability
A vulnerability allowing authorization bypass has been identified in OpenClaw versions prior to 2026.2.26. This issue arises because DM pairing-store identities are mistakenly recognized as group allowlist identities when the DM policy is set to pairing and the group policy to allowlist. As a result, remote attackers can exploit this by sending messages and reactions as DM-paired identities, without being explicitly included in the group allowlist, thereby circumventing group sender authorization checks.
Impact
Exploitation of this vulnerability allows DM-authorized identities to be recognized as group-authorized, without the need for explicit group allowlist membership. This bypasses group sender authorization checks for messages and reactions.
Reproduction
To reproduce this vulnerability, a sender must be in the DM pairing-store but not in the group allowlist. When the group's policy is set to allowlist and the DM policy to pairing, the sender can send messages or reactions, bypassing the authorization checks.
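The following is an added illustration, not OpenClaw's own code: a minimal TypeScript model of the flawed group-sender check the advisory describes, beside a corrected check that never lets DM pairing stand in for group allowlist membership. All type names, field names, the "open" policy value and the sample identities are assumptions made for this example.

```typescript
// Added illustration, not OpenClaw's code: a model of the DM pairing-store
// fallback described in the advisory. Names, shapes and the "open" policy
// value are assumptions for this example.

type DmPolicy = "open" | "pairing" | "allowlist";
type GroupPolicy = "open" | "allowlist";

interface AuthConfig {
  dmPolicy: DmPolicy;
  groupPolicy: GroupPolicy;
  groupAllowlist: Set<string>;  // sender ids explicitly allowed in groups
  dmPairingStore: Set<string>;  // sender ids that completed DM pairing
}

// Vulnerable form: when the DM policy is "pairing", a DM-paired sender is
// accepted as if it were on the group allowlist, so group authorization is
// satisfied by DM pairing alone.
function isGroupSenderAuthorizedVulnerable(cfg: AuthConfig, sender: string): boolean {
  if (cfg.groupPolicy === "open") return true;
  const allowlisted = cfg.groupAllowlist.has(sender);
  const dmPaired = cfg.dmPolicy === "pairing" && cfg.dmPairingStore.has(sender);
  return allowlisted || dmPaired; // the fallback that bypasses the allowlist
}

// Corrected form: group authorization consults only group-scoped state.
// DM pairing is an independent trust decision and is never a group fallback.
function isGroupSenderAuthorizedFixed(cfg: AuthConfig, sender: string): boolean {
  if (cfg.groupPolicy === "open") return true;
  return cfg.groupAllowlist.has(sender);
}

// Constructed scenario matching the advisory's reproduction: "mallory" is
// DM-paired but absent from the group allowlist; "alice" is on both.
const sampleConfig: AuthConfig = {
  dmPolicy: "pairing",
  groupPolicy: "allowlist",
  groupAllowlist: new Set(["alice"]),
  dmPairingStore: new Set(["alice", "mallory"]),
};

// Regression check a maintainer could keep: a DM-paired sender that is not on
// the group allowlist must be rejected by the fixed group authorization.
function dmPairedSenderIsRejected(cfg: AuthConfig, sender: string): boolean {
  const pairedOnly = cfg.dmPairingStore.has(sender) && !cfg.groupAllowlist.has(sender);
  return pairedOnly && !isGroupSenderAuthorizedFixed(cfg, sender);
}
```

Running the two checks over `sampleConfig` shows the difference directly: the vulnerable form admits "mallory" to the group, the fixed form does not, and "alice" is accepted by both because she is explicitly allowlisted.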
Remediation
Users can update to OpenClaw version 2026.2.26 or later to address this vulnerability.
