CVE-2026-8305

Exploit

EPSS 0.64%
Veröffentlicht 11.05.2026 18:16:44
Zuletzt bearbeitet 16.05.2026 03:06:20
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

OpenClaw bluebubbles Webhook monitor.ts handleBlueBubblesWebhookRequest improper authentication

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 12

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenClaw ≫ OpenClaw SwPlatformnode.js Version < 2026.2.12

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.456

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.5	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/openclaw/openclaw/

Product

https://github.com/Dave-gilmore-aus/security-advisories/blob/main/ClawdBot(aka%20OpenClaw)-Auth-Bypass-SSRF

Vendor Advisory

Exploit

Mitigation

https://github.com/openclaw/openclaw/commit/a6653be0265f1f02b9de46c06f52ea7c81a836e6

Patch

https://github.com/openclaw/openclaw/issues/13786

Exploit

Issue Tracking

Mitigation

https://github.com/openclaw/openclaw/pull/13787

Patch

Issue Tracking

https://github.com/openclaw/openclaw/releases/tag/v2026.2.12

Release Notes

https://vuldb.com/submit/809371

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/362590

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/362590/cti

VDB Entry

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-8305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-8305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-8305

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-8305