CVE-2026-26328 in OpenClaw

Summary

by MITRE • 02/20/2026

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue.


Analysis

by VulDB Data Team • 02/27/2026

CVE-2026-26328 affects OpenClaw, a personal AI assistant that bridges to iMessage and gates who may address it through a per-channel group policy. Versions prior to 2026.2.14 are affected when the iMessage groupPolicy is set to allowlist. In that mode the group authorization check could be satisfied by sender identities taken from the direct message (DM) pairing store, so a trust relationship established one-to-one was silently honored in group contexts.

The defect is an authorization bypass rather than a memory-safety or injection bug: the allowlist check drew on the wrong trust source. With groupPolicy=allowlist the intended rule is that only identities explicitly listed for group use may engage the assistant from a group chat. Because the check also accepted any identity present in the DM pairing store, a sender who had only completed DM pairing passed the group check without ever being added to the group allowlist. The root cause is that the check did not validate the context in which an identity was authorized; DM pairing answers "may this person talk to the assistant privately?", not "may this person drive the assistant in front of a group?". That is a least-privilege failure: a narrow grant was widened into a broader one by implementation accident.

The practical consequence is that the group allowlist was weaker than configured. Every identity in the DM pairing store effectively held group access, so an operator who relied on the allowlist to confine group interaction to a small set of participants was exposed to any DM-paired sender who joined, or was added to, a group chat and addressed the assistant there. Whether that translates into data exposure or unwanted actions depends on what the assistant is permitted to do on the operator's behalf in that group; the advisory itself establishes only the authorization gap. The EPSS score on this page (0.00013) reflects a low estimated likelihood of exploitation, and the issue is not on the KEV list.

VulDB files the flaw under CWE-284 (Improper Access Control) and maps it to ATT&CK techniques T1078 (Valid Accounts) and T1566 (Phishing). Version 2026.2.14 fixes the issue by enforcing context validation on group authorization, so identities from the DM pairing store no longer satisfy the group policy; only the explicit group allowlist does. This restores the separation between DM trust and group trust that a multi-user assistant needs. Operators should upgrade to 2026.2.14 or later. Until the upgrade is applied, treat every identity in the DM pairing store as if it were on the group allowlist when assessing exposure, because that is how the vulnerable check behaved.
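The following TypeScript is an added illustration written for this entry, not OpenClaw's own code. It models the vulnerable and corrected authorization decisions described above side by side. The types, function names, the configuration key groupAllowFrom, the array-backed pairing store and the sample handles are all assumptions made for the example; only groupPolicy=allowlist and the existence of a DM pairing store come from the advisory.

```typescript
// Added example (not OpenClaw's code): a minimal model of iMessage sender
// authorization showing the CVE-2026-26328 defect beside the corrected check.
// Every type, function and field name here is an assumption for illustration.

type ChatKind = "dm" | "group";
type GroupPolicy = "open" | "allowlist" | "disabled";

interface InboundMessage {
  sender: string;  // iMessage handle (phone number or e-mail address)
  kind: ChatKind;  // whether the message arrived in a DM or a group chat
}

interface ChannelConfig {
  groupPolicy: GroupPolicy;
  groupAllowFrom: string[];  // explicit allowlist for group contexts (assumed key)
}

// Handles that completed the DM pairing flow. Pairing is DM-scoped trust:
// it says "this person may talk to the assistant privately", nothing more.
type PairingStore = string[];

function normalizeHandle(h: string): string {
  return h.trim().toLowerCase();
}

function handleListed(list: string[], sender: string): boolean {
  return list.some((h) => normalizeHandle(h) === sender);
}

// Pre-2026.2.14 behaviour as described in the advisory: under
// groupPolicy=allowlist the DM pairing store also satisfies group authorization.
function authorizeVulnerable(msg: InboundMessage, cfg: ChannelConfig, paired: PairingStore): boolean {
  const sender = normalizeHandle(msg.sender);
  if (msg.kind === "dm") return handleListed(paired, sender);
  if (cfg.groupPolicy === "open") return true;
  if (cfg.groupPolicy === "disabled") return false;
  // BUG: a DM-only trust relationship is accepted as group authorization.
  return handleListed(cfg.groupAllowFrom, sender) || handleListed(paired, sender);
}

// Corrected check: group authorization under allowlist consults only the
// explicit group allowlist; DM pairing state never crosses into group contexts.
function authorizeFixed(msg: InboundMessage, cfg: ChannelConfig, paired: PairingStore): boolean {
  const sender = normalizeHandle(msg.sender);
  if (msg.kind === "dm") return handleListed(paired, sender);
  if (cfg.groupPolicy === "open") return true;
  if (cfg.groupPolicy === "disabled") return false;
  return handleListed(cfg.groupAllowFrom, sender);
}

interface Verdict {
  vulnerable: boolean;
  fixed: boolean;
}

// Constructed scenario: one handle explicitly allowlisted for groups, one that
// only ever paired via DM, and one unknown. The handles are made up.
const SAMPLE_CONFIG: ChannelConfig = {
  groupPolicy: "allowlist",
  groupAllowFrom: ["+15550000001"],
};
const SAMPLE_PAIRED: PairingStore = ["+15550000002"];

function evaluateSender(sender: string, kind: ChatKind): Verdict {
  const msg: InboundMessage = { sender, kind };
  return {
    vulnerable: authorizeVulnerable(msg, SAMPLE_CONFIG, SAMPLE_PAIRED),
    fixed: authorizeFixed(msg, SAMPLE_CONFIG, SAMPLE_PAIRED),
  };
}

// Running the file prints the group verdict for each handle; the DM-paired
// handle is the one whose answer changes between the two versions.
for (const h of ["+15550000001", "+15550000002", "+15550000003"]) {
  console.log(h, JSON.stringify(evaluateSender(h, "group")));
}
```

The point of the pair of functions is the single extra disjunct in authorizeVulnerable: nothing else differs, which is typical of trust-boundary bugs where a helper built for one context is reused in another. When reviewing similar code, look for any authorization path that merges identity sources before asking which context the decision is for.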

Responsible

GitHub M

Reservation

02/13/2026

Disclosure

02/20/2026

Moderation

accepted

CPE

ready

EPSS

0.00013

KEV

no

Activities

very low

Sources
