High severity7.3NVD Advisory· Published May 11, 2026· Updated May 16, 2026
CVE-2026-8305
CVE-2026-8305
Description
A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
8- github.com/openclaw/openclaw/commit/a6653be0265f1f02b9de46c06f52ea7c81a836e6nvdPatch
- github.com/openclaw/openclaw/pull/13787nvdIssue TrackingPatch
- github.com/Dave-gilmore-aus/security-advisories/blob/main/ClawdBot(aka%20OpenClaw)-Auth-Bypass-SSRFnvdExploitMitigationVendor Advisory
- github.com/openclaw/openclaw/issues/13786nvdExploitIssue TrackingMitigation
- vuldb.com/submit/809371nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/362590nvdThird Party AdvisoryVDB Entry
- github.com/openclaw/openclaw/releases/tag/v2026.2.12nvdRelease Notes
- vuldb.com/vuln/362590/ctinvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.