PT-2026-23549 · OpenClaw · @openclaw/nextcloud-talk

Megamansec

·

Published

2026-01-20

·

Updated

2026-05-11

·

CVE-2026-28474

CVSS v2.0

10

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

OpenClaw Nextcloud Talk plugin (@openclaw/nextcloud-talk), versions prior to 2026.2.6

Description

The Nextcloud Talk plugin allows attackers to bypass direct message (DM) and room allowlists. When deciding whether a sender is allowlisted, the plugin compares the actor.name field of the Nextcloud Talk webhook payload, which carries the sender's display name, rather than the sender's stable user identifier. A display name is mutable and under the control of the user it belongs to, so an attacker can change their own Nextcloud display name to the value of an allowlisted user ID and have their messages accepted in conversations they are not authorized to use.

Recommendations

Upgrade @openclaw/nextcloud-talk to version 2026.2.6 or later.

Weakness Enumeration

Authentication Bypass by Spoofing (CWE-290)

Incorrect Authorization (CWE-863)

Related Identifiers

BDU:2026-06171
CVE-2026-28474
GHSA-R5H9-VJQC-HQ3R

Affected Products

@openclaw/nextcloud-talk
Nextcloud Talk