7.5
OpenClaw Telegram Webhook Forgery: Unsecured Access to Bot Actions
CVE-2026-25474
GHSA-mp5h-m6qj-6292
Summary
If you use OpenClaw with Telegram, an attacker could send fake updates to your bot if they can reach the webhook endpoint. This could make your bot take unintended actions. To fix this, set a secret token in OpenClaw's configuration and ensure your reverse proxy sends this token correctly, or limit access to the webhook endpoint.
What to do
- Update steipete's `openclaw` to version 2026.2.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.1 | 2026.2.1 |
| openclaw | openclaw | <= 2026.2.1 | – |
Original title
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
Original description
## Summary
In Telegram webhook mode, if `channels.telegram.webhookSecret` is not set, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates (for example spoofing `message.from.id`).
Note: Telegram webhook mode is not enabled by default. It is enabled only when `channels.telegram.webhookUrl` is configured.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.1.30`
- Patched: `>= 2026.2.1`
## Impact
If an attacker can reach the webhook endpoint, they may be able to send forged updates that are processed as if they came from Telegram. Depending on enabled commands/tools and configuration, this could lead to unintended bot actions.
## Mitigations / Workarounds
- Set a strong `channels.telegram.webhookSecret` and ensure your reverse proxy forwards the `X-Telegram-Bot-Api-Secret-Token` header unchanged.
- Restrict network access to the webhook endpoint (for example bind to loopback and only expose via a reverse proxy).
## Fix Commit(s)
- ca92597e1f9593236ad86810b66633144b69314d (config validation: `webhookUrl` requires `webhookSecret`)
Defense-in-depth / supporting fixes:
- 5643a934799dc523ec2ef18c007e1aa2c386b670 (default webhook listener bind host to loopback)
- 3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930 (bound webhook request body size/time)
- 633fe8b9c17f02fcc68ecdb5ec212a5ace932f09 (runtime guard: reject webhook startup when secret is missing/empty)
Thanks @yueyueL for reporting.
NVD CVSS 3.1: 7.5
Vulnerability type: CWE-345
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.1 Product Release Notes
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mp5h-m6qj-6292 Exploit Mailing List Patch Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-25474
- https://github.com/advisories/GHSA-mp5h-m6qj-6292
- https://github.com/openclaw/openclaw/commit/3cbcba10cf30c2ffb898f0d8c7dfb929f15f... Patch
- https://github.com/openclaw/openclaw/commit/5643a934799dc523ec2ef18c007e1aa2c386... Patch
- https://github.com/openclaw/openclaw/commit/633fe8b9c17f02fcc68ecdb5ec212a5ace93... Patch
- https://github.com/openclaw/openclaw/commit/ca92597e1f9593236ad86810b66633144b69... Patch
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026