PT-2026-22457 · Npm · Openclaw
Published
2026-02-17
·
Updated
2026-02-17
CVSS v4.0
8.2
High
| Vector | AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Summary
The BlueBubbles webhook handler previously treated any request whose socket
remoteAddress was loopback (127.0.0.1, ::1, ::ffff:127.0.0.1) as authenticated. When OpenClaw Gateway is behind a reverse proxy (Tailscale Serve/Funnel, nginx, Cloudflare Tunnel, ngrok), the proxy typically connects to the gateway over loopback, allowing unauthenticated remote requests to bypass the configured webhook password.This could allow an attacker who can reach the proxy endpoint to inject arbitrary inbound BlueBubbles message/reaction events.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
< 2026.2.12 - Patched versions:
>= 2026.2.12
Exposure / Configuration
- BlueBubbles is an optional channel plugin (intended to eventually replace the legacy iMessage plugin, which is also optional). It is not enabled by default and is not part of a standard OpenClaw configuration.
- Only deployments with the BlueBubbles webhook endpoint exposed through a reverse proxy are impacted.
Details
The BlueBubbles webhook handler accepts inbound events via an HTTP POST endpoint under the configured BlueBubbles webhook path.
In vulnerable versions, the handler would accept requests as authenticated if
req.socket.remoteAddress is loopback, without validating forwarding headers. With common reverse-proxy setups, the gateway sees the proxy as the direct client (loopback), even when the original request is remote.Fix
- Primary fix (released in
2026.2.12): remove loopback-based authentication bypass and require the configured webhook secret. - Defense-in-depth follow-up (next release after commit below): treat requests with forwarding headers as proxied and never accept passwordless webhooks through a proxy.
Fix Commit(s)
f836c385ffc746cb954e8ee409f99d079bfdcd2f(released in2026.2.12)743f4b28495cdeb0d5bf76f6ebf4af01f6a02e5a(defense-in-depth follow-up)
Mitigations
- Ensure a BlueBubbles webhook password is configured.
- Do not expose the gateway webhook endpoint publicly without authentication.
Thanks @simecek for reporting.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw