VYPR

npm package

@openclaw/bluebubbles

pkg:npm/%40openclaw/bluebubbles

Vulnerabilities (1)

  • CVE-2026-26316Feb 19, 2026
    affected < 2026.2.13fixed 2026.2.13

    OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when the configured webhook sec