CVE-2026-8305

MEDIUM EPSS 45.9%
Published May 11, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 4.0
Medium
Find Similar
Published May 11, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.

CVSS Details

Base Score
5.5
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
45.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

Affected Products 1

VendorProductVersionRange
openclawopenclaw* <2026.2.12

References 9

  • github.com https://github.com/Dave-gilmore-aus/security-advisories/blob/main/ClawdBot(aka%20OpenClaw)-Auth-Bypass-SSRF
    ExploitMitigationVendor Advisory
  • github.com https://github.com/openclaw/openclaw/
    Product
  • github.com https://github.com/openclaw/openclaw/commit/a6653be0265f1f02b9de46c06f52ea7c81a836e6
    Patch
  • github.com https://github.com/openclaw/openclaw/issues/13786
    ExploitIssue TrackingMitigation
  • github.com https://github.com/openclaw/openclaw/pull/13787
    Issue TrackingPatch
  • github.com https://github.com/openclaw/openclaw/releases/tag/v2026.2.12
    Release Notes
  • vuldb.com https://vuldb.com/submit/809371
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/vuln/362590
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/vuln/362590/cti
    Permissions RequiredVDB Entry

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/a6653be0265f1f02b9de46c06f52ea7c81a836e6
    Patch
  • github.com https://github.com/openclaw/openclaw/pull/13787
    Issue TrackingPatch