Platform
nodejs
Component
openclaw
Fixed in
2026.2.21
CVE-2026-32896 describes a security vulnerability in the BlueBubbles webhook handler within the OpenClaw iMessage plugin. This flaw allows unauthenticated webhook events to be triggered in certain reverse-proxy or local routing configurations, effectively bypassing password-based authentication. The vulnerability impacts OpenClaw versions prior to 2026.2.21, and a fix is available in version 2026.2.21.
The primary impact of CVE-2026-32896 is the potential for unauthorized access to data or functionality exposed through the OpenClaw webhook system. An attacker who can manipulate network routing or proxy configurations could craft malicious webhook events and trigger unintended actions within the OpenClaw environment. This could lead to data breaches, system compromise, or denial of service. The risk is amplified in environments where sensitive information is processed via webhooks, or where the webhook system is integrated with other critical services. While the vulnerability requires specific network configurations, the potential for exploitation warrants immediate attention.
CVE-2026-32896 was publicly disclosed on 2026-03-03. There is no indication of active exploitation at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not widely available, but the vulnerability's nature suggests that it could be exploited relatively easily by attackers with network configuration expertise.
Organizations utilizing OpenClaw with the optional BlueBubbles plugin and deploying it behind reverse proxies or in local routing environments are at increased risk. Specifically, those who have not configured password authentication for incoming webhook events are directly vulnerable. Shared hosting environments where OpenClaw is deployed alongside other applications may also be affected if network configurations are not properly isolated.
• nodejs / server: npm list openclaw
• nodejs / server: grep -r 'extensions/bluebubbles' /path/to/openclaw/node_modules
• nodejs / server: ps aux | grep -i bluebubbles
Triage
Public Disclosure
Patch Release
Exploit Status
EPSS
0.08% (23rd percentile)
CISA SSVC
CVSS Vector
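The `npm list openclaw` check listed above only tells you the installed version; deciding whether that version predates the fix still has to be done correctly. The following script is an added example, not part of this advisory or of the OpenClaw project: it reads the JSON form of `npm ls openclaw --json` (the sample document is constructed) and compares the installed version against 2026.2.21 component by component, because a plain string comparison would rank 2026.2.5 above 2026.2.21.

```javascript
// Added example (not from the advisory or the OpenClaw project): determine from
// `npm ls openclaw --json` output whether the installed openclaw version
// predates the fixed release. The sample JSON below is constructed input.
const FIXED_VERSION = "2026.2.21";

// Parse a dotted numeric/calendar version into integers. A non-numeric suffix
// on a component (e.g. "21-beta") is dropped by parseInt.
function parseVersion(v) {
  return String(v).split(".").map((part) => {
    const n = parseInt(part, 10);
    return Number.isNaN(n) ? 0 : n;
  });
}

// Component-wise numeric comparison returning -1, 0 or 1. Missing trailing
// components count as 0, so "2026.2" sorts before "2026.2.1". This is the
// reason not to use `<` on the raw strings: "2026.2.5" < "2026.2.21" is false
// as strings but true as versions.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  const len = Math.max(pa.length, pb.length);
  for (let i = 0; i < len; i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when the installed version is strictly older than the fixed release.
function isVulnerableVersion(installed) {
  return compareVersions(installed, FIXED_VERSION) < 0;
}

// Pull the openclaw version out of `npm ls openclaw --json` output.
// Returns null when the package is absent from the dependency tree.
function openclawVersionFromNpmLs(jsonText) {
  const tree = JSON.parse(jsonText);
  const dep = tree.dependencies && tree.dependencies.openclaw;
  return dep && dep.version ? dep.version : null;
}

// One-line verdict suitable for a fleet inventory script.
function reportInstalled(jsonText) {
  const v = openclawVersionFromNpmLs(jsonText);
  if (v === null) return "openclaw not installed";
  return isVulnerableVersion(v)
    ? `openclaw ${v}: VULNERABLE, upgrade to ${FIXED_VERSION}`
    : `openclaw ${v}: fixed`;
}

// Constructed sample in the shape `npm ls openclaw --json` produces.
const SAMPLE_NPM_LS = JSON.stringify({
  name: "example-app",
  version: "1.0.0",
  dependencies: { openclaw: { version: "2026.2.5" } },
});

console.log(reportInstalled(SAMPLE_NPM_LS));
```

In practice you would pipe the real command output into `reportInstalled` instead of the constructed sample; the comparison logic is the part worth reusing, since calendar-style versions with two-digit components are exactly where lexical checks go wrong.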
The primary mitigation for CVE-2026-32896 is to upgrade OpenClaw to version 2026.2.21 or later, which includes the fix for this authentication bypass. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the webhook endpoint to trusted networks or implementing stricter firewall rules. Additionally, ensure that webhook password authentication is always enabled for incoming webhook events. After upgrading, verify the fix by attempting to trigger a webhook event from an unauthorized network and confirming that authentication is enforced.
Upgrade OpenClaw to version 2026.2.21 or later. This release fixes the unauthenticated webhook access by implementing proper authentication. The update prevents attackers from exploiting the reverse-proxy or local-routing configuration to send unauthenticated webhook events to the BlueBubbles plugin.
CVE-2026-32896 is a medium severity vulnerability affecting OpenClaw versions before 2026.2.21. It allows unauthenticated webhook events in specific network configurations, bypassing password authentication.
You are affected if you use OpenClaw with the BlueBubbles plugin and are running a version prior to 2026.2.21, particularly if deployed behind a reverse proxy or with local routing and webhook password authentication is disabled.
Upgrade OpenClaw to version 2026.2.21 or later. As a temporary workaround, restrict access to the webhook endpoint or enable webhook password authentication.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests it could be exploited by attackers with network configuration expertise.
Refer to the OpenClaw project's official advisory channels and release notes for details regarding CVE-2026-32896 and the corresponding fix.