Platform: nodejs
Component: openclaw
Fixed in: 2026.2.21
CVE-2026-32896 describes a security vulnerability in the BlueBubbles webhook handler within the OpenClaw iMessage plugin. This flaw allows unauthenticated webhook events to be triggered in certain reverse-proxy or local routing configurations, effectively bypassing password-based authentication. The vulnerability impacts OpenClaw versions prior to 2026.2.21, and a fix is available in version 2026.2.21.
The primary impact of CVE-2026-32896 is the potential for unauthorized access to data or functionality exposed through the OpenClaw webhook system. An attacker who can manipulate network routing or proxy configurations could craft malicious webhook events and trigger unintended actions within the OpenClaw environment. This could lead to data breaches, system compromise, or denial of service. The risk is amplified in environments where sensitive information is processed via webhooks, or where the webhook system is integrated with other critical services. While the vulnerability requires specific network configurations, the potential for exploitation warrants immediate attention.
CVE-2026-32896 was publicly disclosed on 2026-03-03. There is no indication of active exploitation at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not widely available, but the vulnerability's nature suggests that it could be exploited relatively easily by attackers with network configuration expertise.
Exploit status
EPSS: 0.08% (23rd percentile)
The primary mitigation for CVE-2026-32896 is to upgrade OpenClaw to version 2026.2.21 or later, which includes the fix for this authentication bypass. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the webhook endpoint to trusted networks or implementing stricter firewall rules. Additionally, ensure that webhook password authentication is always enabled for incoming webhook events. After upgrading, verify the fix by attempting to trigger a webhook event from an unauthorized network and confirming that authentication is enforced.
Update OpenClaw to version 2026.2.21 or later. This version fixes the unauthorized access vulnerability to webhooks by implementing proper authentication. The update will prevent attackers from exploiting reverse proxy or local routing configurations to send unauthenticated webhook events to the BlueBubbles plugin.
CVE-2026-32896 is a medium severity vulnerability affecting OpenClaw versions before 2026.2.21. It allows unauthenticated webhook events in specific network configurations, bypassing password authentication.
You are affected if you use OpenClaw with the BlueBubbles plugin and are running a version prior to 2026.2.21, particularly if it is deployed behind a reverse proxy or with local routing and webhook password authentication is disabled.
Upgrade OpenClaw to version 2026.2.21 or later. As a temporary workaround, restrict access to the webhook endpoint or enable webhook password authentication.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests it could be exploited by attackers with network configuration expertise.
Refer to the OpenClaw project's official advisory channels and release notes for details regarding CVE-2026-32896 and the corresponding fix.