The Name Game: Hijacking OpenClaw Bots via Telegram Username Recycling
Vulnerability ID: GHSA-MJ5R-HH7J-4GXF
CVSS Score: 5.9
Published: 2026-02-18
A logic flaw in the OpenClaw automation framework allowed attackers to bypass authorization controls by recycling Telegram usernames. The system keyed access control on mutable string handles (e.g., '@admin'), which the account holder can change or release at any time, rather than on the immutable numeric user ID Telegram assigns to every account. An attacker could therefore claim a relinquished username and inherit all privileges that had been granted to it. This report details the mechanics of Identity Rebinding in chat operations.
TL;DR
OpenClaw trusted Telegram usernames ('@user') as security principals. Since usernames can be changed or deleted, attackers could claim abandoned handles to impersonate admins. The fix forces the use of immutable numeric user IDs.
⚠️ Exploit Status: POC
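The check described in the TL;DR, as an added example that is not OpenClaw's own code: a minimal Telegram allowlist authorizer in its vulnerable (handle-matching) and hardened (ID-matching) forms, plus a simulated username-recycling attack. The field names `from.id` and `from.username` follow the Telegram Bot API message object and `allowFrom` is the config key named in this advisory; the function names, sample IDs and handles are assumptions made for the example, and the shape check is deliberately stricter than a plain digit match.

```typescript
// Added example, not OpenClaw's own code: vulnerable vs. hardened allowlist
// check for Telegram senders, with a simulated username-recycling attack.
// `from.id` / `from.username` follow the Telegram Bot API; `allowFrom` is the
// advisory's config key. All function names, IDs and handles are assumptions.

type TelegramUser = { id: number; username?: string };
type Inbound = { from: TelegramUser; text: string };

// Vulnerable form: authorization keyed on the mutable "@handle". Whoever
// holds the handle at the moment the message arrives is "the admin".
function isAllowedByUsername(allowFrom: string[], msg: Inbound): boolean {
  if (!msg.from.username) return false;
  return allowFrom.indexOf("@" + msg.from.username) !== -1;
}

// Shape check for allowlist entries. Stricter than a plain /^\d+$/ (an
// assumption of this example): it also rejects leading zeros, so "0123"
// can never alias the canonical "123".
function isNumericTelegramUserId(raw: string): boolean {
  return /^[1-9]\d*$/.test(raw);
}

// Hardened form: only canonical numeric entries count, and they are compared
// with the immutable account ID, which Telegram never reassigns.
function isAllowedById(allowFrom: string[], msg: Inbound): boolean {
  const wanted = String(msg.from.id);
  return allowFrom.some(
    (entry) => isNumericTelegramUserId(entry) && entry === wanted,
  );
}

// Constructed scenario: the operator's account (ID 123456789) once held
// @opsadmin, renamed itself to @opsadmin_new and so released the handle;
// an attacker's fresh account (ID 987654321) then claimed @opsadmin.
function simulateRecycling() {
  const allowFromLegacy = ["@opsadmin"];  // pre-fix config
  const allowFromFixed = ["123456789"];   // after migration to the numeric ID
  const operator: TelegramUser = { id: 123456789, username: "opsadmin_new" };
  const attacker: TelegramUser = { id: 987654321, username: "opsadmin" };
  const cmd = (from: TelegramUser): Inbound => ({ from, text: "/restart" });

  return {
    legacy: {
      operator: isAllowedByUsername(allowFromLegacy, cmd(operator)), // false: locked out by own rename
      attacker: isAllowedByUsername(allowFromLegacy, cmd(attacker)), // true: inherited the handle
    },
    fixed: {
      operator: isAllowedById(allowFromFixed, cmd(operator)), // true
      attacker: isAllowedById(allowFromFixed, cmd(attacker)), // false
    },
  };
}

console.log(JSON.stringify(simulateRecycling(), null, 2));
```

Two failure modes show up at once in the legacy path: the attacker is accepted because the handle now resolves to their account, and the legitimate operator is locked out by their own rename. The ID-keyed path is unaffected by either event.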
Technical Details
- Attack Vector: Network
- CVSS Score: 5.9 (Medium)
- Impact: Authorization Bypass
- Bug Class: Identity Rebinding
- Exploit Maturity: PoC / Logic Flaw
- Remediation: Configuration Migration
Affected Systems
- OpenClaw Telegram Bots
- Clawdbot instances
- openclaw: <= 2026.2.13 (Fixed in: 2026.2.14)
- clawdbot: <= 2026.1.24-3 (Fixed in: N/A)
Code Analysis
Commit: e3b432e
Enforce numeric validation for allowed users
+ function isNumericTelegramUserId(raw: string): boolean {
+ return /^\d+$/.test(raw);
+ }
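Review bot: `/^\d+$/` accepts leading zeros, so an entry such as "0123456789" passes isNumericTelegramUserId yet will never equal the canonical String(from.id) under a string comparison, while a numeric comparison would silently accept it; tighten to `/^[1-9]\d*$/` or normalize both sides before comparing. This hunk shows only the shape check and not the call site, so confirm separately that the authorizer now compares entries against `from.id` rather than `from.username`, and that an entry failing this check is rejected outright rather than falling back to the old handle match. A one-line doc comment stating that the input is an allowFrom entry and why leading zeros matter would help the next reader.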
Commit: 9e147f0
Migration script for config conversion
N/A (Script changes)
Mitigation Strategies
- Enforce immutable identifier usage (the numeric Telegram user ID) for all authorization decisions; never key access control on a handle the account holder can change or release.
- Deprecate string-based allowlists immediately.
- Audit configuration files for legacy handle-based entries.
Remediation Steps:
- Upgrade openclaw to version 2026.2.14 or later.
- Run openclaw doctor --fix to automatically convert usernames to numeric IDs.
- Manually inspect openclaw.json to ensure no @-prefixed entries remain in allowFrom arrays.
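The configuration audit called for above (the "audit configuration files" mitigation and the manual inspection of allowFrom arrays), as an added example that is not OpenClaw's own tooling: an offline walk over an openclaw.json-style document that reports every allowFrom entry which is not an immutable numeric Telegram user ID. Only the allowFrom key and the @-prefixed handle form come from this advisory; the surrounding file layout, key names, acceptance of number-typed entries and the sample values are assumptions made for the example.

```typescript
// Added example, not OpenClaw's own tooling: offline audit of an
// openclaw.json-style config for allowFrom entries that are still Telegram
// handles or otherwise not canonical numeric user IDs. The file layout,
// key names (other than allowFrom) and sample values are assumptions.

type Finding = { path: string; value: string; reason: string };

// Canonical Telegram user ID: positive integer, no sign, no leading zeros.
const USER_ID = /^[1-9]\d*$/;

// Returns null when an entry is acceptable, otherwise the reason it is not.
// Accepting positive-integer numbers as well as digit strings is an
// assumption of this example, not something the advisory states.
function classifyEntry(entry: unknown): string | null {
  if (typeof entry === "number") {
    return entry > 0 && entry === Math.floor(entry)
      ? null
      : "number is not a positive integer";
  }
  if (typeof entry !== "string") return "unsupported entry type: " + typeof entry;
  if (entry.charAt(0) === "@") return "legacy Telegram handle; mutable and can be recycled";
  if (!USER_ID.test(entry)) return "not a canonical numeric user ID";
  return null;
}

// Walks the parsed config and checks every array found under an `allowFrom`
// key, wherever it sits in the tree (per-account, per-channel, top level).
function walk(node: unknown, path: string, out: Finding[]): void {
  if (Array.isArray(node)) {
    node.forEach((child: unknown, i: number) => walk(child, path + "[" + i + "]", out));
    return;
  }
  if (node === null || typeof node !== "object") return;
  const obj = node as { [key: string]: unknown };
  for (const key in obj) {
    if (!Object.prototype.hasOwnProperty.call(obj, key)) continue;
    const value = obj[key];
    const childPath = path ? path + "." + key : key;
    if (key === "allowFrom" && Array.isArray(value)) {
      value.forEach((entry: unknown, i: number) => {
        const reason = classifyEntry(entry);
        if (reason !== null) {
          out.push({ path: childPath + "[" + i + "]", value: String(entry), reason: reason });
        }
      });
    } else {
      walk(value, childPath, out);
    }
  }
}

// Audit the JSON text of a config file; an empty result means nothing
// handle-based or malformed remains in any allowFrom array.
function auditConfig(json: string): Finding[] {
  const findings: Finding[] = [];
  walk(JSON.parse(json), "", findings);
  return findings;
}

// Constructed sample (not a real deployment): one account already migrated,
// one still on a handle plus a zero-padded string that a digit-only regex
// would wrongly accept.
const SAMPLE_CONFIG = JSON.stringify({
  channels: {
    telegram: {
      accounts: {
        main: { allowFrom: ["123456789", 555000111] },
        legacy: { allowFrom: ["@admin", "0042", "987654321"] },
      },
    },
  },
});

for (const f of auditConfig(SAMPLE_CONFIG)) {
  console.log(f.path + ": " + JSON.stringify(f.value) + " -> " + f.reason);
}
```

Feed auditConfig the contents of the real openclaw.json after running the migration; any remaining finding is an entry the automatic conversion did not handle and must be replaced by hand with the account's numeric ID. The audit deliberately does not try to resolve handles to IDs itself, since that requires a live Telegram lookup and, for a handle that has already been recycled, would resolve to the wrong account.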