{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/callback/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw (\u003c= 2026.5.5)"],"_cs_severities":["high"],"_cs_tags":["authorization-bypass","telegram","callback","vulnerability","npm"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA critical vulnerability (GHSA-w5ww-7chg-mxcq) exists in OpenClaw, affecting versions up to \u003ccode\u003e2026.5.5\u003c/code\u003e, which allows an authorization bypass in its Telegram interactive callback functionality. Discovered and published on 2026-07-02, this flaw permits a malicious Telegram user to invoke a callback that marks itself as an authorized sender, effectively circumventing the \u003ccode\u003ecommands.allowFrom\u003c/code\u003e restriction. This means commands intended for execution only by trusted users can be triggered by unauthorized individuals. The vulnerability primarily impacts OpenClaw Gateway operators who have Telegram interactive callbacks enabled, potentially leading to unintended command execution and system compromise. Organizations using OpenClaw should prioritize patching to version \u003ccode\u003e2026.5.6\u003c/code\u003e or later to prevent unauthorized command invocation. The risk is high given the potential for unauthorized control over the Gateway through a simple callback.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an OpenClaw Gateway instance that exposes Telegram interactive callbacks.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a specialized Telegram interactive callback request, targeting a specific command.\u003c/li\u003e\n\u003cli\u003eThe crafted callback is sent to the vulnerable OpenClaw Gateway's Telegram interface.\u003c/li\u003e\n\u003cli\u003eOpenClaw Gateway receives and processes the interactive callback.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability (GHSA-w5ww-7chg-mxcq), the internal logic incorrectly marks the callback sender as authorized.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecommands.allowFrom\u003c/code\u003e check, which should restrict command execution based on sender identity, is bypassed.\u003c/li\u003e\n\u003cli\u003eThe attacker's command, embedded within or triggered by the callback, is executed by the OpenClaw Gateway.\u003c/li\u003e\n\u003cli\u003eUnauthorized command execution leads to the attacker achieving their objective, such as data manipulation, system configuration changes, or further compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eIf exploited, this vulnerability could trigger command behavior outside the configured Telegram sender allowlist, leading to unauthorized actions on the OpenClaw Gateway. The practical impact is contingent upon the specific configuration of the operator and the sensitivity of commands accessible via Telegram. While no specific victim count or sectors are mentioned, any organization utilizing vulnerable OpenClaw versions with Telegram interactive callbacks enabled faces a high risk of unauthorized control over their Gateway, potentially leading to data exfiltration, service disruption, or further network penetration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003enpm/openclaw\u003c/code\u003e to version \u003ccode\u003e2026.5.6\u003c/code\u003e or later to remediate the vulnerability described in this brief.\u003c/li\u003e\n\u003cli\u003eAs a temporary mitigation, restrict Telegram command callbacks to trusted chats until \u003ccode\u003enpm/openclaw\u003c/code\u003e can be patched, as recommended by the advisory.\u003c/li\u003e\n\u003cli\u003eDisable the interactive callbacks feature for \u003ccode\u003enpm/openclaw\u003c/code\u003e if it is not strictly needed, reducing the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T11:57:08Z","date_published":"2026-07-03T11:57:08Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-callback-bypass/","summary":"A high-severity vulnerability (GHSA-w5ww-7chg-mxcq) in OpenClaw allows an unauthorized Telegram user to bypass the `commands.allowFrom` sender check via interactive callbacks, leading to unauthorized command execution on the OpenClaw Gateway.","title":"OpenClaw Telegram Callback Authorization Bypass (GHSA-w5ww-7chg-mxcq)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-callback-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Callback","version":"https://jsonfeed.org/version/1.1"}