๐Ÿ” CVE Alert

CVE-2026-8305

HIGH 7.3

OpenClaw bluebubbles Webhook monitor.ts handleBlueBubblesWebhookRequest improper authentication

CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.

CWE CWE-287
Vendor n/a
Product openclaw
Published May 11, 2026
Last Updated May 11, 2026
Stay Ahead of the Next One

Get instant alerts for n/a openclaw

Be the first to know when new high vulnerabilities affecting n/a openclaw are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

n/a / OpenClaw
2026.1.0 2026.1.1 2026.1.2 2026.1.3 2026.1.4 2026.1.5 2026.1.6 2026.1.7 2026.1.8 2026.1.9 2026.1.10 2026.1.11 2026.1.12 2026.1.13 2026.1.14 2026.1.15 2026.1.16 2026.1.17 2026.1.18 2026.1.19 2026.1.20 2026.1.21 2026.1.22 2026.1.23 2026.1.24

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/362590 vuldb.com: https://vuldb.com/vuln/362590/cti vuldb.com: https://vuldb.com/submit/809371 github.com: https://github.com/openclaw/openclaw/issues/13786 github.com: https://github.com/openclaw/openclaw/pull/13787 github.com: https://github.com/Dave-gilmore-aus/security-advisories/blob/main/ClawdBot(aka%20OpenClaw)-Auth-Bypass-SSRF github.com: https://github.com/openclaw/openclaw/commit/a6653be0265f1f02b9de46c06f52ea7c81a836e6 github.com: https://github.com/openclaw/openclaw/releases/tag/v2026.2.12 github.com: https://github.com/openclaw/openclaw/

Credits

๐Ÿ” davidgilmore (VulDB User)