Vulnerabilities

CVE-2026-29613 - OpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress ...

2026-03-06 0 views admin

CVE ID : CVE-2026-29613 Published : March 5, 2026, 10:16 p.m. | 1 hour, 28 minutes ago Description : OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles (optional plugin) webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operates behind a reverse proxy, unauthenticated remote attackers can inject arbitrary BlueBubbles message and reaction events by reaching the proxy endpoint. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-29613

Severity

HIGH

Published

March 5, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-29613high

CVE-2026-29613 - OpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress ...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-29606 - OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback ...

CVE-2026-28486 - OpenClaw 2026.1.16-2 < 2026.2.14 - Path Traversal (Zip Slip) in Archive Extracti...

CVE-2026-28485 - OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP E...

CVE-2026-28484 - OpenClaw 2026.2.15 - Option Injection in pre-commit Hook via Malicious Filenames

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting