CVE-2026-8305
MEDIUM
5,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
7,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
HIGH
7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.
287
Improper Authentication
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Access Control
Potential Impacts:
Read Application Data
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
ICS/OT, Not Technology-Specific, Web Based
https://github.com/Dave-gilmore-aus/security-advisories/blob/main/ClawdBot(aka%…
https://github.com/openclaw/openclaw/
https://github.com/openclaw/openclaw/commit/a6653be0265f1f02b9de46c06f52ea7c81a…
https://github.com/openclaw/openclaw/issues/13786
https://github.com/openclaw/openclaw/pull/13787
https://github.com/openclaw/openclaw/releases/tag/v2026.2.12
https://vuldb.com/submit/809371
https://vuldb.com/vuln/362590
https://vuldb.com/vuln/362590/cti