GHSA-PCHC-86F6-8758

Vulnerability from github – Published: 2026-02-17 21:33 – Updated: 2026-02-17 21:33
Summary
OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust
Details

Summary

In affected versions, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (127.0.0.1, ::1, ::ffff:127.0.0.1) even when the configured webhook secret was missing or incorrect. This does not affect the default iMessage integration unless BlueBubbles is installed and enabled.

Affected Packages / Versions

  • npm: openclaw < 2026.2.13
  • npm: @openclaw/bluebubbles < 2026.2.13

Details

If a deployment exposes the BlueBubbles webhook endpoint through a same-host reverse proxy (or an attacker can reach loopback via SSRF), an unauthenticated party may be able to inject inbound webhook events into the agent pipeline.

Fix Commit(s)

  • f836c385ffc746cb954e8ee409f99d079bfdcd2f
  • 743f4b28495cdeb0d5bf76f6ebf4af01f6a02e5a (defense-in-depth)

Mitigations

  • Set a non-empty BlueBubbles webhook password.
  • Avoid deployments where a public-facing reverse proxy forwards to a loopback-bound Gateway without strong upstream authentication.

Thanks @MegaManSec (https://joshua.hu) of AISLE Research Team for reporting.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openclaw/bluebubbles"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-26316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-17T21:33:51Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nIn affected versions, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when the configured webhook secret was missing or incorrect. This does not affect the default iMessage integration unless BlueBubbles is installed and enabled.\n\n### Affected Packages / Versions\n\n- npm: `openclaw` `\u003c 2026.2.13`\n- npm: `@openclaw/bluebubbles` `\u003c 2026.2.13`\n\n### Details\n\nIf a deployment exposes the BlueBubbles webhook endpoint through a same-host reverse proxy (or an attacker can reach loopback via SSRF), an unauthenticated party may be able to inject inbound webhook events into the agent pipeline.\n\n### Fix Commit(s)\n\n- f836c385ffc746cb954e8ee409f99d079bfdcd2f\n- 743f4b28495cdeb0d5bf76f6ebf4af01f6a02e5a (defense-in-depth)\n\n### Mitigations\n\n- Set a non-empty BlueBubbles webhook password.\n- Avoid deployments where a public-facing reverse proxy forwards to a loopback-bound Gateway without strong upstream authentication.\n\nThanks @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.",
  "id": "GHSA-pchc-86f6-8758",
  "modified": "2026-02-17T21:33:51Z",
  "published": "2026-02-17T21:33:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pchc-86f6-8758"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/743f4b28495cdeb0d5bf76f6ebf4af01f6a02e5a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/f836c385ffc746cb954e8ee409f99d079bfdcd2f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust"
}

