OpenClaw: Unauthorized Access to Tools via Sender Identity Collision
GHSA-wpph-cjgr-7c39
Summary
OpenClaw's per-group tool policy, `channels.*.groups.*.toolsBySender`, could grant one sender the tool permissions intended for another. When a deployment used untyped (legacy) sender keys, the lookup matched a key against any of the sender's identity values, including mutable ones such as `senderName` or `senderUsername`, so a sender who set a display name or username equal to a privileged sender's key inherited that sender's tool permissions. The fix introduces explicit typed sender keys (`id:`, `e164:`, `username:`, `name:`) and restricts legacy untyped keys to matching the sender ID only. Update OpenClaw to 2026.2.22 and migrate `toolsBySender` keys to the typed form.
What to do
- Update openclaw to version 2026.2.22 or later.
- Migrate legacy untyped `toolsBySender` keys to typed keys (`id:`, `e164:`, `username:`, `name:`); untyped keys remain supported only on a deprecated ID-only matching path.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| OpenClaw | openclaw (npm) | <= 2026.2.21-2 | 2026.2.22 |
Original title
OpenClaw's typed sender-key matching for toolsBySender prevents identity-collision policy bypass
Original description
### Summary
`channels.*.groups.*.toolsBySender` could match a privileged sender policy using a colliding mutable identity value (for example `senderName` or `senderUsername`) when deployments used untyped keys.
The fix introduces explicit typed sender keys (`id:`, `e164:`, `username:`, `name:`), keeps legacy untyped keys on a deprecated ID-only path, and adds regression coverage to prevent cross-identifier collisions.
### Affected Packages / Versions
- Package: npm `openclaw`
- Affected versions: `<= 2026.2.21-2`
- Latest published npm version at triage time (February 22, 2026): `2026.2.21-2`
- Patched version (planned next release): `2026.2.22`
### Impact
This is a sender-authorization bypass in group tool policy matching for deployments that use `toolsBySender` with untyped keys. Under those conditions, an attacker could inherit stronger tool permissions intended for another sender if they can force an identifier collision.
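The collision described in the summary and the impact section above, as an added example that is not OpenClaw's code: a minimal model of the `toolsBySender` lookup in its pre-fix form (every identity field is compared against every untyped key) beside a post-fix form that parses typed keys and keeps untyped keys on an ID-only path. The policy shape (`{ allow: [...] }`), the sender field names, the function names and the sample configuration and senders are all assumptions made for illustration.

```javascript
// Added example (not OpenClaw's code). Models the toolsBySender lookup
// before and after the fix. Field names, policy shape and sample data are
// assumptions for illustration only.

// A sender as seen by a channel adapter. `id` is the platform's stable
// identifier; `username` and `name` are values the sender can change.
function makeSender({ id, e164 = null, username = null, name = null }) {
  return { id: String(id), e164, username, name };
}

// Pre-fix behaviour (assumed): every identity field is tried against every
// untyped key, so a mutable field equal to a privileged key matches it.
function resolvePolicyUntyped(toolsBySender, sender, fallback) {
  const candidates = [sender.id, sender.e164, sender.username, sender.name]
    .filter((v) => v !== null && v !== undefined)
    .map(String);
  for (const key of Object.keys(toolsBySender)) {
    if (candidates.includes(key)) return toolsBySender[key];
  }
  return fallback;
}

const TYPED_PREFIXES = ["id", "e164", "username", "name"];

// Parse a typed key such as "username:alice". A key without a recognised
// prefix is treated as a legacy untyped key and bound to `id` only.
function parseSenderKey(key) {
  const idx = key.indexOf(":");
  if (idx > 0 && TYPED_PREFIXES.includes(key.slice(0, idx))) {
    return { type: key.slice(0, idx), value: key.slice(idx + 1), deprecated: false };
  }
  return { type: "id", value: key, deprecated: true };
}

// Post-fix behaviour: a key is compared only against the field it names,
// so a display name can never satisfy an `id:` (or untyped) key.
function resolvePolicyTyped(toolsBySender, sender, fallback, warn = () => {}) {
  for (const [key, policy] of Object.entries(toolsBySender)) {
    const { type, value, deprecated } = parseSenderKey(key);
    if (deprecated) warn(`toolsBySender key "${key}" is untyped; use "id:${key}"`);
    const actual = sender[type];
    if (actual !== null && actual !== undefined && String(actual) === value) {
      return policy;
    }
  }
  return fallback;
}

// Constructed sample configurations: the same privileged policy keyed the
// legacy way and the typed way.
const LEGACY_CONFIG = { "1001": { allow: ["shell", "files"] } };
const TYPED_CONFIG = { "id:1001": { allow: ["shell", "files"] } };
const DEFAULT_POLICY = { allow: [] };

// Constructed senders: the real admin, and an attacker whose only lever is
// the mutable display name, set to the admin's ID.
const admin = makeSender({ id: "1001", username: "admin" });
const attacker = makeSender({ id: "2002", username: "mallory", name: "1001" });

// Returns the tool lists each lookup grants, for comparison.
function demo() {
  const warnings = [];
  const warn = (m) => warnings.push(m);
  return {
    adminLegacy: resolvePolicyUntyped(LEGACY_CONFIG, admin, DEFAULT_POLICY).allow,
    attackerLegacy: resolvePolicyUntyped(LEGACY_CONFIG, attacker, DEFAULT_POLICY).allow,
    attackerFixedLegacyKey: resolvePolicyTyped(LEGACY_CONFIG, attacker, DEFAULT_POLICY, warn).allow,
    attackerFixedTypedKey: resolvePolicyTyped(TYPED_CONFIG, attacker, DEFAULT_POLICY, warn).allow,
    adminFixedTypedKey: resolvePolicyTyped(TYPED_CONFIG, admin, DEFAULT_POLICY, warn).allow,
    warnings,
  };
}

console.log(demo());
```

In the pre-fix model the attacker receives `["shell", "files"]` through the display-name collision; after the fix the same legacy key only grants the admin, and emits a deprecation warning prompting migration to `id:1001`. Note that typed `name:` and `username:` keys still bind to values a sender controls; they are explicit opt-ins, and a privileged policy is safer keyed by the stable identifier.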
### Fix Commit(s)
- `5547a2275cb69413af3b62c795b93214fe913b57`
### Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.22`). Once that npm release is published, this advisory should only need publishing.
OpenClaw thanks @jiseoung for reporting.
CVSS 4.0 (GHSA): 5.3
Vulnerability type: CWE-863 Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026