PT-2026-23546 · Openclaw · Openclaw

Megamansec · Published 2026-02-17 · Updated 2026-03-07 · CVE-2026-28471

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.14-1 through 2026.2.1

Description: The Matrix direct message (DM) allowlist check can be bypassed because allowlist entries are exact-matched against several sender-derived candidates, two of which carry no homeserver binding: the sender's display name and the localpart of the sender's Matrix user ID (MXID) with the homeserver component stripped. A display name is chosen by the sender, and a localpart such as alice is shared by @alice:example.org and @alice:attacker.example, so neither candidate identifies a verified user. If an operator populates a Matrix allowlist with display names or bare localparts, a remote Matrix user on any homeserver can set a matching display name or register a matching localpart, pass the allowlist as the permitted identity, and reach the message routing and agent pipeline.

Recommendations: Upgrade to OpenClaw version 2026.2.2 or later. Ensure Matrix allowlists contain only full Matrix user IDs (MXIDs) of the form @user:server; do not use display names or bare localparts, as those can be matched by users on other homeservers.
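The matching logic described above and the allowlist hygiene recommended as a mitigation, shown as an added example. This is illustrative code written for this page, not OpenClaw's own implementation; the type and function names, the simplified MXID grammar, the case-insensitive comparison of server names, and the sample allowlist and senders are all assumptions. The vulnerable matcher accepts any sender whose display name or bare localpart equals an allowlist entry; the hardened matcher considers only entries that are full MXIDs and never consults the display name, and the lint helper reports entries an operator should remove.

```typescript
// Added example, not OpenClaw's code: a minimal model of the DM allowlist
// decision in its vulnerable and hardened forms. Names and samples are
// assumptions chosen for illustration.

export interface MatrixSender {
  mxid: string;        // full Matrix user ID, e.g. "@alice:example.org"
  displayName: string; // chosen by the sender, so attacker-controlled
}

export interface ParsedMxid {
  localpart: string;
  server: string;
}

// Simplified MXID grammar: "@" localpart ":" server[:port]. The Matrix spec
// is stricter (and allows IPv6 literals); this is enough to separate the
// localpart from the homeserver for the comparison below.
const MXID_RE = /^@([^:\s@]+):([^\s:]+(?::\d{1,5})?)$/;

export function parseMxid(value: string): ParsedMxid | null {
  const m = MXID_RE.exec(value.trim());
  return m ? { localpart: m[1], server: m[2] } : null;
}

// Vulnerable pattern: every allowlist entry is exact-matched against a set of
// sender-derived candidates, two of which drop the homeserver binding.
export function vulnerableDmAllowed(sender: MatrixSender, allowlist: string[]): boolean {
  const parsed = parseMxid(sender.mxid);
  const candidates = new Set<string>([sender.mxid, sender.displayName]);
  if (parsed) candidates.add(parsed.localpart); // bare localpart, homeserver gone
  return allowlist.some((entry) => candidates.has(entry));
}

// Hardened pattern: only entries that parse as full MXIDs participate, and
// they are compared against the sender's full MXID. The display name is never
// consulted. Assumption: localparts compare exactly, server names
// case-insensitively (DNS names are case-insensitive).
export function hardenedDmAllowed(sender: MatrixSender, allowlist: string[]): boolean {
  const s = parseMxid(sender.mxid);
  if (!s) return false;
  return allowlist.some((entry) => {
    const e = parseMxid(entry);
    return e !== null
      && e.localpart === s.localpart
      && e.server.toLowerCase() === s.server.toLowerCase();
  });
}

// Config lint for the recommendation above: report entries that are not full
// MXIDs so an operator can replace them before they are relied on.
export function lintAllowlist(allowlist: string[]): string[] {
  return allowlist.filter((entry) => parseMxid(entry) === null);
}

// Constructed sample: the operator allowlisted one full MXID, one bare
// localpart and one display name.
export const SAMPLE_ALLOWLIST = ["@alice:example.org", "alice", "Alice Smith"];

export const LEGIT: MatrixSender = { mxid: "@alice:example.org", displayName: "Alice Smith" };
// Same localpart registered on a different homeserver.
export const LOCALPART_CLASH: MatrixSender = { mxid: "@alice:evil.example", displayName: "nobody" };
// Unrelated MXID whose display name was set to equal an allowlist entry.
export const NAME_SPOOF: MatrixSender = { mxid: "@mallory:evil.example", displayName: "Alice Smith" };

export interface Verdict { vulnerable: boolean; hardened: boolean }

// Runs the three senders through both matchers; the legitimate user passes
// both, the two impersonators pass only the vulnerable matcher.
export function demo(): Record<string, Verdict> {
  const cases: Array<[string, MatrixSender]> = [
    ["LEGIT", LEGIT],
    ["LOCALPART_CLASH", LOCALPART_CLASH],
    ["NAME_SPOOF", NAME_SPOOF],
  ];
  const out: Record<string, Verdict> = {};
  for (const [name, sender] of cases) {
    out[name] = {
      vulnerable: vulnerableDmAllowed(sender, SAMPLE_ALLOWLIST),
      hardened: hardenedDmAllowed(sender, SAMPLE_ALLOWLIST),
    };
  }
  return out;
}

console.log(demo());
console.log("non-MXID allowlist entries:", lintAllowlist(SAMPLE_ALLOWLIST));
```

The hardened matcher also refuses to fall back to a weaker candidate when an allowlist entry is malformed; silently ignoring such entries is preferable to matching them loosely, and the lint output tells the operator which entries to rewrite as @user:server.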

Fix

Weakness Enumeration
CWE-290: Authentication Bypass by Spoofing
CWE-287: Improper Authentication

Related Identifiers
CVE-2026-28471
GHSA-RMXW-JXXX-4CPC

Affected Products
Openclaw