GHSA-534W-2VM4-89XR
Vulnerability from github – Published: 2026-03-03 23:18 – Updated: 2026-03-03 23:18A missing group-sender authorization check in the Zalo plugin allowed unauthorized GROUP messages to enter agent dispatch paths in configurations intended to restrict group traffic.
Impact
When Zalo group handling was configured with allowlist-style controls, a sender not present in the intended group allowlist could still trigger agent processing through the GROUP message path.
Root Cause
Group access checks were not consistently enforced before dispatch for Zalo GROUP messages. The fix adds explicit runtime group-policy evaluation (groupPolicy, groupAllowFrom, fallback to allowFrom) and fail-closed behavior for missing provider config.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published vulnerable version:
2026.2.23(as of 2026-02-24) - Affected range:
<= 2026.2.23 - Planned patched version:
2026.2.24
Fix Commit(s)
b4010a0b627025c809c0e5dbdbd4770f3bc59ef8
OpenClaw thanks @tdjackey for reporting.
Publication Update (2026-02-25)
openclaw@2026.2.24 is published on npm and contains the fix commit(s) listed above. This advisory now marks >= 2026.2.24 as patched.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.2.23"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T23:18:26Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "A missing group-sender authorization check in the Zalo plugin allowed unauthorized `GROUP` messages to enter agent dispatch paths in configurations intended to restrict group traffic.\n\n## Impact\nWhen Zalo group handling was configured with allowlist-style controls, a sender not present in the intended group allowlist could still trigger agent processing through the `GROUP` message path.\n\n## Root Cause\nGroup access checks were not consistently enforced before dispatch for Zalo `GROUP` messages. The fix adds explicit runtime group-policy evaluation (`groupPolicy`, `groupAllowFrom`, fallback to `allowFrom`) and fail-closed behavior for missing provider config.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published vulnerable version: `2026.2.23` (as of 2026-02-24)\n- Affected range: `\u003c= 2026.2.23`\n- Planned patched version: `2026.2.24`\n\n## Fix Commit(s)\n- `b4010a0b627025c809c0e5dbdbd4770f3bc59ef8`\n\nOpenClaw thanks @tdjackey for reporting.\n\n### Publication Update (2026-02-25)\n`openclaw@2026.2.24` is published on npm and contains the fix commit(s) listed above. This advisory now marks `\u003e= 2026.2.24` as patched.",
"id": "GHSA-534w-2vm4-89xr",
"modified": "2026-03-03T23:18:26Z",
"published": "2026-03-03T23:18:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-534w-2vm4-89xr"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/b4010a0b627025c809c0e5dbdbd4770f3bc59ef8"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw\u0027s Zalo group sender allowlist bypass permits unauthorized GROUP dispatch"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.