BlueBubbles Webhook Security Risk: Unauthorized Access
CVE-2026-26316
GHSA-pchc-86f6-8758
Summary
If you use the BlueBubbles plugin with OpenClaw, an attacker could send fake inbound messages as if they came from you, by exploiting a weakness in how the plugin authenticates webhook requests. To protect yourself, set a strong password for the BlueBubbles webhook and avoid using a public-facing proxy that forwards requests directly to localhost. This only affects users who have installed and enabled the BlueBubbles plugin in their OpenClaw setup.
What to do
- Update steipete openclaw to version 2026.2.13.
- Update openclaw bluebubbles to version 2026.2.13.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.13 | 2026.2.13 |
| openclaw | bluebubbles | <= 2026.2.13 | 2026.2.13 |
| openclaw | openclaw | <= 2026.2.13 | – |
Original title
OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust
Original description
### Summary
In affected versions, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when the configured webhook secret was missing or incorrect. This does not affect the default iMessage integration unless BlueBubbles is installed and enabled.
### Affected Packages / Versions
- npm: `openclaw` `< 2026.2.13`
- npm: `@openclaw/bluebubbles` `< 2026.2.13`
### Details
If a deployment exposes the BlueBubbles webhook endpoint through a same-host reverse proxy (or an attacker can reach loopback via SSRF), an unauthenticated party may be able to inject inbound webhook events into the agent pipeline.
### Fix Commit(s)
- f836c385ffc746cb954e8ee409f99d079bfdcd2f
- 743f4b28495cdeb0d5bf76f6ebf4af01f6a02e5a (defense-in-depth)
### Mitigations
- Set a non-empty BlueBubbles webhook password.
- Avoid deployments where a public-facing reverse proxy forwards to a loopback-bound Gateway without strong upstream authentication.
Thanks @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.
NVD CVSS 3.1: 7.5
Vulnerability type: CWE-863 Incorrect Authorization
References
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.12
- https://nvd.nist.gov/vuln/detail/CVE-2026-26316
- https://github.com/advisories/GHSA-pchc-86f6-8758
- https://github.com/openclaw/openclaw/commit/743f4b28495cdeb0d5bf76f6ebf4af01f6a0... (Patch)
- https://github.com/openclaw/openclaw/commit/f836c385ffc746cb954e8ee409f99d079bfd... (Patch)
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.13 (Product Release Notes)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-pchc-86f6-8758 (Patch, Vendor Advisory)
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026