Two high-severity vulnerabilities in OpenClaw exposed weaknesses in how the platform enforced messaging restrictions in its chat integrations. CVE-2026-32975 affects versions before 2026.3.12 and stems from weak authorization in Zalouser allowlist mode, where access checks used mutable group display names instead of stable group identifiers. That design allowed an attacker to create a group with the same name as an allowlisted group and bypass channel authorization, potentially causing messages from unintended groups to be routed to the agent.
A second flaw, CVE-2026-33578, affects versions before 2026.3.28 in the Google Chat and Zalouser extensions. In that case, route-level group allowlist policies could silently downgrade to an open sender policy, letting attackers bypass configured sender restrictions and interact with bots that should have been limited to approved groups. Both issues were rated high severity with impact to confidentiality, integrity, and availability, and advisories and code references were published alongside fixes in newer OpenClaw releases.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
A high-severity vulnerability, CVE-2026-33578, was publicly disclosed affecting OpenClaw versions before 2026.3.28. The flaw was classified as CWE-863 and described as a policy resolution weakness that let attackers interact with bots despite configured allowlist controls.
A high-severity vulnerability, CVE-2026-32975, was publicly disclosed affecting OpenClaw versions before 2026.3.12. The issue was classified as CWE-807 and described as enabling unauthorized message routing from unintended groups to the agent.
OpenClaw released version 2026.3.28 to fix a sender policy allowlist bypass affecting the Google Chat and Zalouser extensions. The bug caused route-level group allowlist policies to silently downgrade to an open policy, allowing attackers to bypass sender restrictions.
OpenClaw released version 2026.3.12 to address a weak authorization issue in Zalouser allowlist mode, where mutable group display names were used instead of stable group identifiers. The flaw could let attackers create similarly named groups and bypass channel authorization controls.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
cvefeed.io
Open sourcecvefeed.io
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.