OpenClaw Telegram Callback Authorization Bypass (GHSA-w5ww-7chg-mxcq)
A high-severity vulnerability (GHSA-w5ww-7chg-mxcq) in OpenClaw allows an unauthorized Telegram user to bypass the `commands.allowFrom` sender check via interactive callbacks, leading to unauthorized command execution on the OpenClaw Gateway.
A critical vulnerability (GHSA-w5ww-7chg-mxcq) exists in OpenClaw, affecting versions up to 2026.5.5, which allows an authorization bypass in its Telegram interactive callback functionality. Discovered and published on 2026-07-02, this flaw permits a malicious Telegram user to invoke a callback that marks itself as an authorized sender, effectively circumventing the commands.allowFrom restriction. This means commands intended for execution only by trusted users can be triggered by unauthorized individuals. The vulnerability primarily impacts OpenClaw Gateway operators who have Telegram interactive callbacks enabled, potentially leading to unintended command execution and system compromise. Organizations using OpenClaw should prioritize patching to version 2026.5.6 or later to prevent unauthorized command invocation. The risk is high given the potential for unauthorized control over the Gateway through a simple callback.
Attack Chain
- Attacker identifies an OpenClaw Gateway instance that exposes Telegram interactive callbacks.
- Attacker crafts a specialized Telegram interactive callback request, targeting a specific command.
- The crafted callback is sent to the vulnerable OpenClaw Gateway's Telegram interface.
- OpenClaw Gateway receives and processes the interactive callback.
- Due to the vulnerability (GHSA-w5ww-7chg-mxcq), the internal logic incorrectly marks the callback sender as authorized.
- The
commands.allowFromcheck, which should restrict command execution based on sender identity, is bypassed. - The attacker's command, embedded within or triggered by the callback, is executed by the OpenClaw Gateway.
- Unauthorized command execution leads to the attacker achieving their objective, such as data manipulation, system configuration changes, or further compromise.
Impact
If exploited, this vulnerability could trigger command behavior outside the configured Telegram sender allowlist, leading to unauthorized actions on the OpenClaw Gateway. The practical impact is contingent upon the specific configuration of the operator and the sensitivity of commands accessible via Telegram. While no specific victim count or sectors are mentioned, any organization utilizing vulnerable OpenClaw versions with Telegram interactive callbacks enabled faces a high risk of unauthorized control over their Gateway, potentially leading to data exfiltration, service disruption, or further network penetration.
Recommendation
- Upgrade
npm/openclawto version2026.5.6or later to remediate the vulnerability described in this brief. - As a temporary mitigation, restrict Telegram command callbacks to trusted chats until
npm/openclawcan be patched, as recommended by the advisory. - Disable the interactive callbacks feature for
npm/openclawif it is not strictly needed, reducing the attack surface.