| शीर्षक | OpenClaw (formally ClawdBot) openclaw 2026.1.24 Authentication Bypass Issues |
|---|
| विवरण | A critical authentication bypass exists in the BlueBubbles extension webhook due to a type-juggling vulnerability. The application compares the inbound Authorization header against an uninitialized configuration variable. By providing the literal string "undefined" as a Bearer token, a remote attacker can bypass authentication. This allows for unauthorized event injection, leading to Server-Side Request Forgery (SSRF) and the exfiltration of administrative credentials in cleartext. |
|---|
| स्रोत | ⚠️ https://github.com/Dave-gilmore-aus/security-advisories/blob/main/ClawdBot(aka%20OpenClaw)-Auth-Bypass-SSRF |
|---|
| उपयोगकर्ता | davidgilmore (UID 96940) |
|---|
| सबमिशन | 22/04/2026 12:56 AM (1 महीना पहले) |
|---|
| संयम | 11/05/2026 01:37 PM (20 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 362590 [OpenClaw तक 2026.1.24 bluebubbles Webhook monitor.ts handleBlueBubblesWebhookRequest कमजोर प्रमाणीकरण] |
|---|
| अंक | 20 |
|---|