Primary

Context

OpenClaw Authorization Bypass Vulnerability in Google Chat Group Policy Enforcement

Vulnerability

A vulnerability allowing authorization bypass in Google Chat group policy enforcement has been identified in OpenClaw versions prior to 2026.3.25. This vulnerability arises from the reliance on mutable space display names, which can be manipulated to rebind group policies. Attackers can change or collide space display names to gain unauthorized access to protected resources.

Impact

Exploitation of this vulnerability allows for unauthorized access to resources by bypassing Google Chat group policy enforcement.

Reproduction

The vulnerability can be reproduced by creating a Google Chat group and assigning a policy that relies on the group's display name. By changing the display name or creating a collision with another group's name, the original policy can be overwritten, leading to unauthorized access.

Remediation

Users can update to OpenClaw version 2026.3.25 or later, where this vulnerability has been patched.

Added: Apr 10, 2026, 12:14 AM

Updated: Apr 10, 2026, 12:14 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

6.3

remediation

0.0

relevance

5.5

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

6.3

remediation

0.0

relevance

5.5

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenClaw Authorization Bypass Vulnerability in Google Chat Group Policy Enforcement

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating