UNKNOWN CVE-2026-33578

OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions

Platform: other

Component: openclaw

Fixed in: 2026.3.28

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots despite configured allowlist restrictions.

How to fix

Update OpenClaw to version 2026.3.28 or later. This update fixes the sender policy bypass vulnerability by preventing the silent policy downgrade in Google Chat and the Zalouser extensions.
