CVE-2026-25474 in OpenClaw
Summary
by MITRE • 02/19/2026
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates (for example spoofing message.from.id). If an attacker can reach the webhook endpoint, they may be able to send forged updates that are processed as if they came from Telegram. Depending on enabled commands/tools and configuration, this could lead to unintended bot actions. Note: Telegram webhook mode is not enabled by default. It is enabled only when `channels.telegram.webhookUrl` is configured. This issue has been fixed in version 2026.2.1.
Analysis
by VulDB Data Team • 02/24/2026
CVE-2026-25474 affects OpenClaw, a personal AI assistant, in versions 2026.1.30 and earlier. The flaw is in the Telegram webhook handler: when `channels.telegram.webhookSecret` is not set, incoming webhook HTTP requests may be accepted without checking the secret token header that Telegram sends with each update. The issue only arises in webhook mode, which is off by default and is enabled by configuring `channels.telegram.webhookUrl`. In that mode, the secret header is the only thing that ties a request to Telegram's servers rather than to an arbitrary client, so leaving it unverified is an authentication bypass on the channel between Telegram and the bot for anyone who can reach the endpoint.
The root cause is a missing origin check rather than an input validation problem: the payload may be perfectly well-formed JSON, the handler simply has no way to tell whether Telegram sent it. When `channels.telegram.webhookSecret` is unset, an attacker who can reach the configured webhook URL can POST a hand-built update and have it processed as if it came from Telegram. The attacker controls every field in that update, including `message.from.id`, so any per-user trust the bot derives from the sender identity (for example, an allowlist of Telegram user IDs permitted to run commands) can be satisfied by simply writing the allowed ID into the forged update. VulDB classifies the weakness as CWE-347 (Improper Verification of Cryptographic Signature) and maps it to ATT&CK technique T1566.001 (Phishing: Spearphishing Attachment); the CWE fits the missing verification step, while the ATT&CK mapping is a loose fit for a forged webhook request and should not be read as implying that user interaction is required.
The impact goes beyond message spoofing. Because forged updates are processed as legitimate Telegram traffic, whatever commands and tools the bot is configured to run can be triggered by the attacker, with the privileges of the bot process, and any authorization keyed on the spoofed sender identity does not help. The practical severity therefore depends on what the bot is allowed to do: a bot limited to replying in chat is a nuisance, while one with shell, file or API tools enabled can be driven to act on the host or on connected services. The risk is highest where the webhook endpoint is reachable from the public internet or from untrusted networks, which is the normal deployment shape for a Telegram webhook, since Telegram's servers have to reach it.
The issue is fixed in OpenClaw version 2026.2.1. Operators running webhook mode should upgrade, set `channels.telegram.webhookSecret`, and then confirm that the deployed endpoint actually enforces it: a POST to the webhook URL carrying a plausible update but no `X-Telegram-Bot-Api-Secret-Token` header, or a wrong one, should be rejected and must not reach command handling. Telegram only sends that header when the webhook was registered with a `secret_token` via setWebhook, so the secret configured in OpenClaw and the one registered with Telegram have to match. As defense in depth, the endpoint should not be exposed more widely than necessary (for example, restrict it to Telegram's published webhook source ranges at the proxy or firewall), and the bot's enabled tools and command allowlists should be reviewed so that a single forged update cannot do much damage. The more general lesson is that a webhook receiver must authenticate every request, and that a missing secret should be treated as a configuration error that refuses to start webhook mode, not as a reason to skip the check.