Signal Groups Unsecured by DM Pairing Store in OpenClaw 2026.2.25
GHSA-wm8r-w8pf-2v6w
Summary
In OpenClaw version 2026.2.25, a sender approved for direct messaging (DM) could pass a Signal group's allowlist check without ever being explicitly added to that group by its administrators, giving them unauthorized access to the group. OpenClaw 2026.2.26 fixes this by keeping DM pairing approvals DM-only and requiring explicit group allowlisting for group access. Update to the latest version to ensure secure group management.
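The following is an added illustration, not OpenClaw's own code: a hypothetical shared DM/group policy resolver in which DM pairing-store approvals leak into the group allowlist check, beside the DM-only boundary that the fix describes. All names, sample numbers and events are constructed for the example.

```javascript
// Added illustration, not OpenClaw's code: a shared DM/group policy resolver in
// which DM pairing-store approvals leak into the group allowlist check, beside the
// DM-only boundary that closes the gap. Every name here is hypothetical.

// Constructed state: one sender approved through DM pairing, a different sender
// explicitly allowlisted for the group. Only groupPolicy=allowlist is modelled.
const state = {
  groupPolicy: "allowlist",
  dmPairingStore: new Set(["+15550001111"]), // DM pairing approvals
  groupAllowlist: new Set(["+15550002222"]), // explicit group allowlist
};

// Vulnerable resolution: pairing-store approvals are merged into the group
// allowlist, so a DM-paired sender is accepted in a group it was never added to.
function isGroupSenderAllowedVulnerable(sender, s = state) {
  if (s.groupPolicy !== "allowlist") throw new Error("only allowlist modelled");
  return s.groupAllowlist.has(sender) || s.dmPairingStore.has(sender); // the leak
}

// Fixed resolution: the pairing store is consulted only in DM scope; group scope
// requires explicit group allowlisting and nothing else.
function isSenderAllowed({ scope, sender }, s = state) {
  if (scope === "dm") return s.dmPairingStore.has(sender);
  if (scope === "group") {
    if (s.groupPolicy !== "allowlist") throw new Error("only allowlist modelled");
    return s.groupAllowlist.has(sender);
  }
  throw new Error(`unknown scope: ${scope}`);
}

// Defender's audit: given inbound events, list group senders the vulnerable
// resolver would have admitted on the strength of a DM pairing approval alone.
function auditGroupLeaks(events, s = state) {
  return events
    .filter((e) => e.scope === "group")
    .filter((e) => isGroupSenderAllowedVulnerable(e.sender, s) && !isSenderAllowed(e, s))
    .map((e) => e.sender);
}

// Constructed sample traffic (not real Signal data).
const sampleEvents = [
  { scope: "dm", sender: "+15550001111" },    // legitimate DM from paired sender
  { scope: "group", sender: "+15550002222" }, // explicitly allowlisted in group
  { scope: "group", sender: "+15550001111" }, // DM-paired only: must be refused
  { scope: "group", sender: "+15550003333" }, // unknown sender: refused either way
];

console.log("group senders admitted only via DM pairing:", auditGroupLeaks(sampleEvents));
```

Running the audit against logged inbound events from an unpatched deployment is one way to find out whether the leak was ever exercised, since the fixed resolver refuses exactly the senders the vulnerable one wrongly admitted.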
What to do
- Update steipete openclaw to version 2026.2.26.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.26 | 2026.2.26 |
Original title
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Original description
### Summary
In OpenClaw `2026.2.25`, Signal group authorization under `groupPolicy=allowlist` could accept sender identities sourced from DM pairing-store approvals. This allowed DM pairing approvals to leak into group allowlist evaluation.
### Impact
This is an authorization-boundary weakness between DM pairing and group allowlist controls. A sender approved for DM pairing could pass group checks without explicit group allowlisting.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published version affected: `2026.2.25`
- Vulnerable range: `<= 2026.2.25`
- Patched version (planned next release): `>= 2026.2.26`
### Fix
OpenClaw now keeps DM pairing-store entries DM-only and enforces explicit group allowlist boundaries in shared DM/group policy resolution used by Signal and other channels.
### Fix Commit(s)
- `8bdda7a651c21e98faccdbbd73081e79cffe8be0`
- `64de4b6d6ae81e269ceb4ca16f53cda99ced967a`
### Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.26`). After npm publish of that version, this advisory is ready to publish without further content edits.
Thanks @tdjackey for reporting.
GHSA CVSS 3.1 score: 3.7
Vulnerability type: CWE-863 (Incorrect Authorization)
Published: 2 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026