OpenClaw's Zalo plugin allows unauthorized group messages

GHSA-534w-2vm4-89xr
Summary

OpenClaw's Zalo plugin did not consistently enforce its group-sender allowlist, so `GROUP` messages from senders who were not on the allowlist could still reach agent dispatch. In other words, someone who was not supposed to send group messages could still get them processed through the plugin. To fix this, update to the latest version of OpenClaw, which is 2026.2.24 or later.

What to do
  • Update openclaw to version 2026.2.24.
Affected software

| Vendor | Product | Affected versions | Fix available |
| --- | --- | --- | --- |
| – | openclaw | <= 2026.2.23 | 2026.2.24 |
Original title
OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch
Original description
A missing group-sender authorization check in the Zalo plugin allowed unauthorized `GROUP` messages to enter agent dispatch paths in configurations intended to restrict group traffic.

## Impact
When Zalo group handling was configured with allowlist-style controls, a sender not present in the intended group allowlist could still trigger agent processing through the `GROUP` message path.

## Root Cause
Group access checks were not consistently enforced before dispatch for Zalo `GROUP` messages. The fix adds explicit runtime group-policy evaluation (`groupPolicy`, `groupAllowFrom`, fallback to `allowFrom`) and fail-closed behavior for missing provider config.
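The following is an added example, not OpenClaw's own code, showing the shape of the runtime group-policy evaluation the fix describes: a `GROUP` message is dispatched only after `groupPolicy` is evaluated, `groupAllowFrom` is consulted with `allowFrom` as the fallback, and a missing provider config fails closed. The function names, the config object shape, the policy values (`open`, `allowlist`, `disabled`) and the default policy are assumptions for illustration; only the three config key names come from the advisory.

```javascript
// Added example modelled on the advisory's description of the fix.
// Function names, config shape, policy values and defaults are assumptions,
// not OpenClaw's API; only groupPolicy / groupAllowFrom / allowFrom are from the advisory.

const POLICY = Object.freeze({ OPEN: "open", ALLOWLIST: "allowlist", DISABLED: "disabled" });

// Accept an array of sender ids; anything else counts as "no list configured".
function normalizeList(list) {
  return Array.isArray(list) ? list.map(String) : null;
}

// Decide whether a GROUP message from senderId may enter agent dispatch.
// Returns { allowed, reason } so callers can log why a message was dropped.
function evaluateGroupPolicy(providerConfig, senderId) {
  // Fail closed: with no provider config, no group traffic is dispatched.
  if (!providerConfig || typeof providerConfig !== "object") {
    return { allowed: false, reason: "missing provider config" };
  }
  // Assumption: an unset policy defaults to the restrictive allowlist mode.
  const policy = providerConfig.groupPolicy ?? POLICY.ALLOWLIST;
  if (policy === POLICY.DISABLED) return { allowed: false, reason: "group traffic disabled" };
  if (policy === POLICY.OPEN) return { allowed: true, reason: "open policy" };
  if (policy !== POLICY.ALLOWLIST) return { allowed: false, reason: `unknown policy ${policy}` };

  // Allowlist mode: groupAllowFrom takes precedence; allowFrom is the fallback
  // only when groupAllowFrom is absent (an explicit empty list denies everyone).
  const allow = normalizeList(providerConfig.groupAllowFrom) ?? normalizeList(providerConfig.allowFrom);
  if (!allow) return { allowed: false, reason: "allowlist mode with no allowlist" };
  return allow.includes(String(senderId))
    ? { allowed: true, reason: "sender on allowlist" }
    : { allowed: false, reason: "sender not on allowlist" };
}

// Vulnerable shape: routes every message to the agent without a group check.
function dispatchUnchecked(providerConfig, message, agent) {
  return { dispatched: true, result: agent(message) };
}

// Fixed shape: GROUP messages are policy-checked before any agent processing.
function dispatchChecked(providerConfig, message, agent) {
  if (message.type === "GROUP") {
    const verdict = evaluateGroupPolicy(providerConfig, message.senderId);
    if (!verdict.allowed) return { dispatched: false, reason: verdict.reason };
  }
  return { dispatched: true, result: agent(message) };
}

// Constructed sample config and message (not real Zalo data).
const sampleConfig = { groupPolicy: "allowlist", groupAllowFrom: ["user-allowed"] };
const sampleAgent = (m) => `processed ${m.text}`;

function demo() {
  const outsider = { type: "GROUP", senderId: "user-unknown", text: "hi" };
  return {
    unchecked: dispatchUnchecked(sampleConfig, outsider, sampleAgent),
    checked: dispatchChecked(sampleConfig, outsider, sampleAgent),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running the block shows the difference the fix makes on the same input: the unchecked dispatcher processes the outsider's group message, while the checked one drops it with the reason `sender not on allowlist`. The `reason` string is what you would want in the plugin's logs to detect repeated denied group traffic after upgrading.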

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published vulnerable version: `2026.2.23` (as of 2026-02-24)
- Affected range: `<= 2026.2.23`
- Planned patched version: `2026.2.24`

## Fix Commit(s)
- `b4010a0b627025c809c0e5dbdbd4770f3bc59ef8`

OpenClaw thanks @tdjackey for reporting.

### Publication Update (2026-02-25)
`openclaw@2026.2.24` is published on npm and contains the fix commit(s) listed above. This advisory now marks `>= 2026.2.24` as patched.
Severity (GHSA, CVSS 4.0): 5.3
Vulnerability type
CWE-284 Improper Access Control
CWE-863 Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026