{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openclaw--2026.1.24/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-8305"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw \u003c= 2026.1.24"],"_cs_severities":["high"],"_cs_tags":["cve-2026-8305","authentication-bypass","openclaw"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw versions up to 2026.1.24 are susceptible to an improper authentication vulnerability, identified as CVE-2026-8305. The flaw resides in the \u003ccode\u003ehandleBlueBubblesWebhookRequest\u003c/code\u003e function within the \u003ccode\u003eextensions/bluebubbles/src/monitor.ts\u003c/code\u003e file of the bluebubbles Webhook component. Successful exploitation allows a remote attacker to bypass authentication mechanisms. Public exploits are available, increasing the urgency for remediation. Users are advised to upgrade to version 2026.2.12 or apply the patch \u003ccode\u003ea6653be0265f1f02b9de46c06f52ea7c81a836e6\u003c/code\u003e to mitigate the risk. This vulnerability poses a significant threat due to the potential for unauthorized access and control over affected systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an OpenClaw instance running a vulnerable version (\u0026lt;= 2026.1.24).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request targeting the \u003ccode\u003ehandleBlueBubblesWebhookRequest\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe crafted request exploits the improper authentication vulnerability (CVE-2026-8305) within the \u003ccode\u003eextensions/bluebubbles/src/monitor.ts\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function fails to properly validate the request, allowing the attacker to bypass authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive functionalities or data.\u003c/li\u003e\n\u003cli\u003eAttacker performs malicious actions, such as modifying system settings or exfiltrating data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-8305 can lead to unauthorized access to OpenClaw instances. This can result in a compromise of sensitive data, modification of system configurations, and potential disruption of services. The availability of public exploits increases the likelihood of widespread attacks, potentially affecting any OpenClaw instance running a vulnerable version. Organizations using OpenClaw should prioritize patching or upgrading to mitigate this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.2.12 or apply the patch \u003ccode\u003ea6653be0265f1f02b9de46c06f52ea7c81a836e6\u003c/code\u003e to remediate CVE-2026-8305.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003ehandleBlueBubblesWebhookRequest\u003c/code\u003e function. Deploy the Sigma rule targeting cs-uri-stem to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of a successful breach.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-11T18:21:45Z","date_published":"2026-05-11T18:21:45Z","id":"https://feed.craftedsignal.io/briefs/2026-05-openclaw-auth-bypass/","summary":"OpenClaw versions up to 2026.1.24 are vulnerable to improper authentication in the handleBlueBubblesWebhookRequest function, allowing remote exploitation and requiring an upgrade to version 2026.2.12 or application of patch a6653be0265f1f02b9de46c06f52ea7c81a836e6 to remediate CVE-2026-8305.","title":"OpenClaw Improper Authentication Vulnerability (CVE-2026-8305)","url":"https://feed.craftedsignal.io/briefs/2026-05-openclaw-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — OpenClaw \u003c= 2026.1.24","version":"https://jsonfeed.org/version/1.1"}