CVE-2026-8305

HIGH

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.

CVSS v3.1 Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Published: 5/11/2026Modified: 5/16/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-8305 — A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element i...

CVE-2026-8305

May 11, 2026NIST NVD

References (9)

https://github.com/Dave-gilmore-aus/security-advisories/blob/main/ClawdBot(aka%20OpenClaw)-Auth-Bypass-SSRFExploitMitigation https://github.com/openclaw/openclaw/Product https://github.com/openclaw/openclaw/commit/a6653be0265f1f02b9de46c06f52ea7c81a836e6Patch https://github.com/openclaw/openclaw/issues/13786ExploitIssue Tracking https://github.com/openclaw/openclaw/pull/13787Issue TrackingPatch https://github.com/openclaw/openclaw/releases/tag/v2026.2.12Release Notes https://vuldb.com/submit/809371Third Party AdvisoryVDB Entry https://vuldb.com/vuln/362590Third Party AdvisoryVDB Entry https://vuldb.com/vuln/362590/ctiPermissions RequiredVDB Entry