Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
Nextcloud Talk allowlist bypass via fake user name trick
CVE-2026-28474
GHSA-r5h9-vjqc-hq3r
Summary
A hacker can pretend to be a trusted user by changing their display name, potentially bypassing security settings and accessing restricted conversations. Nextcloud Talk users should update to version 2026.2.6 or later to fix this issue. If you're using the Nextcloud Talk plugin, make sure to update it separately from the main Nextcloud installation.
What to do
- Update openclaw nextcloud-talk to version 2026.2.6.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| openclaw | nextcloud-talk | <= 2026.2.2 | 2026.2.6 |
Original title
Nextcloud Talk allowlist bypass via actor.name display name spoofing
Original description
## Summary
In affected versions of the optional Nextcloud Talk plugin (installed separately; not bundled with the core OpenClaw install), an untrusted webhook field (`actor.name`, display name) could be treated as an allowlist identifier. An attacker could change their Nextcloud display name to match an allowlisted user ID and bypass DM or room allowlists.
## Details
Nextcloud Talk webhook payloads provide a stable sender identifier (`actor.id`) and a mutable display name (`actor.name`). In affected versions, the plugin’s allowlist matching accepted equality on the display name, which is attacker-controlled.
## Affected Packages / Versions
- Package: `@openclaw/nextcloud-talk` (npm)
- Affected: `<= 2026.2.2`
- Fixed: `>= 2026.2.6`
Note: This advisory applies to the optional Nextcloud Talk plugin package. Core `openclaw` is not impacted unless you installed and use `@openclaw/nextcloud-talk`.
## Fix Commit(s)
- [6b4b6049b47c3329a7014509594647826669892d](https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669892d)
## Timeline
- Introduced: [660f87278c9f292061e097441e0b10c20d62b31b](https://github.com/openclaw/openclaw/commit/660f87278c9f292061e097441e0b10c20d62b31b) (2026-01-20)
- Fixed in repo: [6b4b6049b47c3329a7014509594647826669892d](https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669892d) (2026-02-04 UTC)
- First fixed tag containing the change: [v2026.2.3](https://github.com/openclaw/openclaw/releases/tag/v2026.2.3)
- First fixed npm release of `@openclaw/nextcloud-talk`: `2026.2.6` (published 2026-02-07 UTC)
## Mitigation
Upgrade `@openclaw/nextcloud-talk` to `>= 2026.2.6`.
## Release Process Note
The patched version range is set to the first npm release that contains the fix. Once you are ready, you can publish this advisory without additional version edits.
Thanks @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.
In affected versions of the optional Nextcloud Talk plugin (installed separately; not bundled with the core OpenClaw install), an untrusted webhook field (`actor.name`, display name) could be treated as an allowlist identifier. An attacker could change their Nextcloud display name to match an allowlisted user ID and bypass DM or room allowlists.
## Details
Nextcloud Talk webhook payloads provide a stable sender identifier (`actor.id`) and a mutable display name (`actor.name`). In affected versions, the plugin’s allowlist matching accepted equality on the display name, which is attacker-controlled.
## Affected Packages / Versions
- Package: `@openclaw/nextcloud-talk` (npm)
- Affected: `<= 2026.2.2`
- Fixed: `>= 2026.2.6`
Note: This advisory applies to the optional Nextcloud Talk plugin package. Core `openclaw` is not impacted unless you installed and use `@openclaw/nextcloud-talk`.
## Fix Commit(s)
- [6b4b6049b47c3329a7014509594647826669892d](https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669892d)
## Timeline
- Introduced: [660f87278c9f292061e097441e0b10c20d62b31b](https://github.com/openclaw/openclaw/commit/660f87278c9f292061e097441e0b10c20d62b31b) (2026-01-20)
- Fixed in repo: [6b4b6049b47c3329a7014509594647826669892d](https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669892d) (2026-02-04 UTC)
- First fixed tag containing the change: [v2026.2.3](https://github.com/openclaw/openclaw/releases/tag/v2026.2.3)
- First fixed npm release of `@openclaw/nextcloud-talk`: `2026.2.6` (published 2026-02-07 UTC)
## Mitigation
Upgrade `@openclaw/nextcloud-talk` to `>= 2026.2.6`.
## Release Process Note
The patched version range is set to the first npm release that contains the fix. Once you are ready, you can publish this advisory without additional version edits.
Thanks @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-863
Incorrect Authorization
CWE-290
- https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669...
- https://github.com/openclaw/openclaw/security/advisories/GHSA-r5h9-vjqc-hq3r
- https://www.vulncheck.com/advisories/openclaw-nextcloud-talk-allowlist-bypass-vi...
- https://github.com/openclaw/openclaw/commit/660f87278c9f292061e097441e0b10c20d62...
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.3
- https://github.com/advisories/GHSA-r5h9-vjqc-hq3r
Published: 17 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026