Severity score: 5.3 (CVSS 4.0)

OpenClaw's Synology Chat Plugin Allows Unauthorized Access

GHSA-gw85-xp4q-5gp9
Summary

OpenClaw's Synology chat plugin has a security issue that allows unauthorized users to send messages to an agent, potentially triggering actions, when the plugin is set to allow only specific users but no users are listed. This issue affects OpenClaw versions 2026.2.22 and 2026.2.23. Update to version 2026.2.24 to fix the issue.

What to do
  • Update openclaw to version 2026.2.24.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | > 2026.2.22, <= 2026.2.23 | 2026.2.24 |
Original title
OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch
Original description
### Summary
In `openclaw` versions `2026.2.22` and `2026.2.23`, the optional `synology-chat` channel plugin had an authorization fail-open condition: when `dmPolicy` was `allowlist` and `allowedUserIds` was empty/unset, unauthorized senders were still allowed through to agent dispatch.

This is assessed as **medium** severity because it requires channel/plugin setup and Synology sender access, but can still trigger downstream agent/tool actions.

### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `>= 2026.2.22, <= 2026.2.23`
- Latest published affected version at patch time: `2026.2.23`
- Planned patched version: `2026.2.24`

### Details
Root cause was a policy mismatch across plugin code paths:
1. Default resolved DM policy was `allowlist`.
2. Empty `allowedUserIds` was treated as allow-all.
3. Webhook authorization in allowlist mode relied on that same helper, so the allow-all behaviour propagated to inbound senders.

Result: `allowlist` with empty list behaved like open access for inbound Synology senders.
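As an added illustration (hypothetical code, not OpenClaw's own plugin), the fail-open allowlist check described above beside a fail-closed version; the function names `resolveDmPolicy`, `isSenderAllowedVulnerable`, `isSenderAllowedFixed` and `authorizeWebhook`, and the sample config and webhook message, are assumptions.

```javascript
// Hypothetical illustration of the advisory's fail-open condition.
// Not OpenClaw's implementation; all names below are assumed.

// Resolve the DM policy; the default of "allowlist" mirrors root cause 1.
function resolveDmPolicy(config) {
  return config.dmPolicy ?? "allowlist";
}

// Vulnerable helper (root cause 2): an empty or unset allowedUserIds
// list is treated as "allow everyone".
function isSenderAllowedVulnerable(config, senderId) {
  if (resolveDmPolicy(config) !== "allowlist") return false; // other modes not modelled
  const ids = config.allowedUserIds ?? [];
  if (ids.length === 0) return true; // fail-open: empty list == allow-all
  return ids.includes(senderId);
}

// Hardened helper: allowlist mode with no entries denies every sender
// (fail closed), and the sender id must match an entry exactly.
function isSenderAllowedFixed(config, senderId) {
  if (resolveDmPolicy(config) !== "allowlist") return false; // other modes not modelled
  const ids = (config.allowedUserIds ?? []).map(String);
  if (ids.length === 0) return false; // fail-closed
  return ids.includes(String(senderId));
}

// Webhook gate (root cause 3): decides whether an inbound message may be
// dispatched to the agent. `check` selects which helper is consulted.
function authorizeWebhook(config, message, check) {
  if (!message || typeof message.user_id === "undefined") return false;
  return check(config, message.user_id);
}

// Constructed sample: allowlist mode with the list left empty, and a
// constructed inbound Synology Chat webhook payload.
const emptyAllowlistConfig = { dmPolicy: "allowlist", allowedUserIds: [] };
const inbound = { user_id: 1234, username: "guest", text: "run the deploy" };

// Vulnerable path dispatches; fixed path denies.
console.log(authorizeWebhook(emptyAllowlistConfig, inbound, isSenderAllowedVulnerable)); // true
console.log(authorizeWebhook(emptyAllowlistConfig, inbound, isSenderAllowedFixed));      // false
```

The same denial applies when `dmPolicy` is omitted entirely, since the default resolves to `allowlist`.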

### Fix Commit(s)
- `0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5`
- `7655c0cb3a47d0647cbbf5284e177f90b4b82ddb`

### Release Process Note
`patched_versions` is pre-set to the planned next release (`>= 2026.2.24`). Once npm release `2026.2.24` is published, the advisory can be published directly.

OpenClaw thanks @tdjackey for reporting.


### Publication Update (2026-02-25)
`openclaw@2026.2.24` is published on npm and contains the fix commit(s) listed above. This advisory now marks `>= 2026.2.24` as patched.
Source: GHSA · CVSS 4.0 score: 5.3
Vulnerability type
CWE-284 Improper Access Control
CWE-863 Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026