CVE-2026-25474: Openclaw Auth Bypass Vulnerability

CVE-2026-25474 Overview

OpenClaw is a personal AI assistant application. A critical authentication bypass vulnerability exists in versions 2026.1.30 and below when operating in Telegram webhook mode. If the channels.telegram.webhookSecret configuration is not set, OpenClaw will accept webhook HTTP requests without verifying Telegram's secret token header, allowing attackers to send forged updates that appear to originate from Telegram.

Critical Impact
Attackers can forge Telegram updates to impersonate legitimate users (spoofing message.from.id), potentially triggering unintended bot actions depending on enabled commands, tools, and configuration settings.

Affected Products

OpenClaw versions 2026.1.30 and below (Node.js package)
OpenClaw deployments with Telegram webhook mode enabled via channels.telegram.webhookUrl
OpenClaw instances where channels.telegram.webhookSecret is not configured

Discovery Timeline

February 19, 2026 - CVE-2026-25474 published to NVD
February 19, 2026 - Last updated in NVD database

Technical Details for CVE-2026-25474

Vulnerability Analysis

This vulnerability is classified under CWE-345 (Insufficient Verification of Data Authenticity). The core issue stems from OpenClaw's failure to enforce authentication on incoming webhook requests when operating in Telegram webhook mode without a properly configured secret token.

When channels.telegram.webhookUrl is configured but channels.telegram.webhookSecret is left unset, the application processes incoming HTTP requests to the webhook endpoint without validating the X-Telegram-Bot-Api-Secret-Token header. This creates a trust boundary violation where any network-reachable attacker can submit crafted webhook payloads that the application treats as legitimate Telegram API callbacks.

The impact is focused on integrity compromise, as attackers can manipulate the bot's behavior by injecting malicious update payloads. The attack requires no authentication or user interaction and can be executed remotely over the network.

Root Cause

The root cause is a missing security control in the webhook request validation logic. When the channels.telegram.webhookSecret configuration option is not explicitly set by the administrator, the application fails to validate the secret token header on incoming webhook requests. This represents an insecure default configuration where security-critical validation is conditional rather than mandatory.

Telegram's webhook implementation provides a mechanism for bots to verify the authenticity of incoming updates through a secret token that Telegram includes in the X-Telegram-Bot-Api-Secret-Token header. OpenClaw's implementation makes this verification optional, leaving deployments vulnerable when administrators are unaware of or neglect this configuration requirement.

Attack Vector

The attack vector is network-based and requires the attacker to have network access to the OpenClaw webhook endpoint. The attack flow proceeds as follows:

The attacker identifies an OpenClaw instance with an exposed webhook endpoint
The attacker crafts malicious Telegram update payloads, spoofing fields such as message.from.id to impersonate legitimate users
The attacker sends HTTP POST requests to the webhook endpoint containing the forged updates
Without secret token validation, OpenClaw processes these updates as if they originated from Telegram
Depending on the bot's configured commands and tools, the forged updates trigger unintended actions

The vulnerability requires Telegram webhook mode to be explicitly enabled (not the default configuration) and the webhook endpoint to be network-accessible to the attacker.

Detection Methods for CVE-2026-25474

Indicators of Compromise

Webhook requests lacking valid X-Telegram-Bot-Api-Secret-Token headers being processed successfully
Unusual patterns in bot command execution or actions not correlating with legitimate user activity
HTTP requests to the webhook endpoint from IP addresses outside Telegram's server ranges
Discrepancies between Telegram user IDs in logs and actual user interactions

Detection Strategies

Monitor HTTP access logs for the webhook endpoint and flag requests from non-Telegram IP ranges
Implement logging of the X-Telegram-Bot-Api-Secret-Token header presence and validation status
Review OpenClaw configuration files for missing or empty channels.telegram.webhookSecret values
Set up alerting for unexpected spikes in webhook endpoint traffic or unusual bot command patterns

Monitoring Recommendations

Enable verbose logging for all webhook request processing to track authentication validation
Configure network monitoring to baseline normal Telegram webhook traffic patterns and alert on anomalies
Implement rate limiting on the webhook endpoint to reduce the impact of automated exploitation attempts
Review bot action logs regularly for commands or actions that don't match expected user behavior

How to Mitigate CVE-2026-25474

Immediate Actions Required

Upgrade OpenClaw to version 2026.2.1 or later immediately
Audit current configuration to ensure channels.telegram.webhookSecret is properly set
If using vulnerable versions, restrict network access to the webhook endpoint to Telegram's IP ranges
Review bot action logs for evidence of exploitation prior to patching

Patch Information

The vulnerability has been fixed in OpenClaw version 2026.2.1. Multiple commits were applied to address this issue:

For detailed information, refer to the GitHub Security Advisory GHSA-mp5h-m6qj-6292 and the v2026.2.1 release notes.

Workarounds

Configure channels.telegram.webhookSecret with a strong, randomly generated secret token
Restrict inbound network access to the webhook endpoint using firewall rules to allow only Telegram's IP ranges
Consider switching from webhook mode to polling mode temporarily if immediate patching is not feasible
Disable non-essential bot commands and tools until the vulnerability is addressed

bash

# Configuration example - Set webhook secret in OpenClaw configuration
# In your OpenClaw configuration file (config.yaml or environment variables)
channels:
  telegram:
    webhookUrl: "https://your-domain.com/webhook"
    webhookSecret: "your-strong-randomly-generated-secret-token"

# Generate a secure random secret (example using openssl)
openssl rand -hex 32

CVE-2026-25474 Overview

Critical Impact
Attackers can forge Telegram updates to impersonate legitimate users (spoofing message.from.id), potentially triggering unintended bot actions depending on enabled commands, tools, and configuration settings.

Affected Products

OpenClaw versions 2026.1.30 and below (Node.js package)
OpenClaw deployments with Telegram webhook mode enabled via channels.telegram.webhookUrl
OpenClaw instances where channels.telegram.webhookSecret is not configured

Discovery Timeline

February 19, 2026 - CVE-2026-25474 published to NVD
February 19, 2026 - Last updated in NVD database

Technical Details for CVE-2026-25474

Vulnerability Analysis

Root Cause

Attack Vector

The attack vector is network-based and requires the attacker to have network access to the OpenClaw webhook endpoint. The attack flow proceeds as follows:

The attacker identifies an OpenClaw instance with an exposed webhook endpoint
The attacker crafts malicious Telegram update payloads, spoofing fields such as message.from.id to impersonate legitimate users
The attacker sends HTTP POST requests to the webhook endpoint containing the forged updates
Without secret token validation, OpenClaw processes these updates as if they originated from Telegram
Depending on the bot's configured commands and tools, the forged updates trigger unintended actions

The vulnerability requires Telegram webhook mode to be explicitly enabled (not the default configuration) and the webhook endpoint to be network-accessible to the attacker.

Detection Methods for CVE-2026-25474

Indicators of Compromise

Webhook requests lacking valid X-Telegram-Bot-Api-Secret-Token headers being processed successfully
Unusual patterns in bot command execution or actions not correlating with legitimate user activity
HTTP requests to the webhook endpoint from IP addresses outside Telegram's server ranges
Discrepancies between Telegram user IDs in logs and actual user interactions

Detection Strategies

Monitor HTTP access logs for the webhook endpoint and flag requests from non-Telegram IP ranges
Implement logging of the X-Telegram-Bot-Api-Secret-Token header presence and validation status
Review OpenClaw configuration files for missing or empty channels.telegram.webhookSecret values
Set up alerting for unexpected spikes in webhook endpoint traffic or unusual bot command patterns

Monitoring Recommendations

Enable verbose logging for all webhook request processing to track authentication validation
Configure network monitoring to baseline normal Telegram webhook traffic patterns and alert on anomalies
Implement rate limiting on the webhook endpoint to reduce the impact of automated exploitation attempts
Review bot action logs regularly for commands or actions that don't match expected user behavior

How to Mitigate CVE-2026-25474

Immediate Actions Required

Upgrade OpenClaw to version 2026.2.1 or later immediately
Audit current configuration to ensure channels.telegram.webhookSecret is properly set
If using vulnerable versions, restrict network access to the webhook endpoint to Telegram's IP ranges
Review bot action logs for evidence of exploitation prior to patching

Patch Information

The vulnerability has been fixed in OpenClaw version 2026.2.1. Multiple commits were applied to address this issue:

For detailed information, refer to the GitHub Security Advisory GHSA-mp5h-m6qj-6292 and the v2026.2.1 release notes.

Workarounds

Configure channels.telegram.webhookSecret with a strong, randomly generated secret token
Restrict inbound network access to the webhook endpoint using firewall rules to allow only Telegram's IP ranges
Consider switching from webhook mode to polling mode temporarily if immediate patching is not feasible
Disable non-essential bot commands and tools until the vulnerability is addressed

bash

# Configuration example - Set webhook secret in OpenClaw configuration
# In your OpenClaw configuration file (config.yaml or environment variables)
channels:
  telegram:
    webhookUrl: "https://your-domain.com/webhook"
    webhookSecret: "your-strong-randomly-generated-secret-token"

# Generate a secure random secret (example using openssl)
openssl rand -hex 32

CVE-2026-25474: Openclaw Auth Bypass Vulnerability

CVE-2026-25474 Overview

Critical Impact

Affected Products

Discovery Timeline

Technical Details for CVE-2026-25474

Vulnerability Analysis

Root Cause

Attack Vector

Detection Methods for CVE-2026-25474

Indicators of Compromise

Detection Strategies

Monitoring Recommendations

How to Mitigate CVE-2026-25474

Immediate Actions Required

Patch Information

Workarounds

Experience the World’s Most Advanced Cybersecurity Platform

CVE-2026-25474: Openclaw Auth Bypass Vulnerability

CVE-2026-25474 Overview

Critical Impact

Affected Products

Discovery Timeline

Technical Details for CVE-2026-25474

Vulnerability Analysis

Root Cause

Attack Vector

Detection Methods for CVE-2026-25474

Indicators of Compromise

Detection Strategies

Monitoring Recommendations

How to Mitigate CVE-2026-25474

Immediate Actions Required

Patch Information

Workarounds

Experience the World’s Most Advanced Cybersecurity Platform