DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-RQ6G-PX6M-C248: Identity Theft via Webhook Roulette: Cracking OpenClaw's Google Chat Integration


Vulnerability ID: GHSA-RQ6G-PX6M-C248
CVSS Score: 7.5
Published: 2026-02-18

A critical logic flaw in OpenClaw's Google Chat webhook dispatcher allowed for cross-account context confusion. By relying on a 'first-match' selection strategy for incoming webhooks, the system failed to distinguish between multiple valid targets sharing the same endpoint and verification credentials. This ambiguity enabled scenarios where messages intended for one AI agent could be intercepted and processed by another, leading to potential data leakage and unauthorized action execution.

TL;DR

OpenClaw's Google Chat integration played 'webhook roulette' with incoming messages. If two bots shared a URL, the first one in the config list grabbed the message, regardless of intended recipient. Fixed in v2026.2.14.

⚠️ Exploit Status: PoC

Technical Details

  • Attack Vector: Network (Webhook)
  • CVSS: 7.5 (High)
  • Impact: Cross-Account Context Confusion
  • Components: extensions/googlechat/src/monitor.ts
  • Exploit Status: PoC Available
  • Root Cause: Improper Logic in Iterative Verification

Affected Systems

  • OpenClaw Google Chat Extension
  • OpenClaw Core (via Extension loading)
  • OpenClaw: < v2026.2.14 (Fixed in: v2026.2.14)

Code Analysis

Commit: 61d59a8

fix(googlechat): prevent ambiguous webhook routing by enforcing uniqueness checks

@@ -45,7 +45,7 @@
-      selected = target;
-      break;
+      matchedTargets.push(target);
+      if (matchedTargets.length > 1) break;
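Review bot: the post-loop check is not visible in this hunk, and it is the part that actually closes the flaw; after `if (matchedTargets.length > 1) break;` the caller must reject the request whenever `matchedTargets.length !== 1` (zero matches as well as two or more), otherwise falling through to `matchedTargets[0]` silently reinstates the old first-match routing. The early break itself is sound, since a second hit already proves ambiguity, but the hunk should include the error path that emits the 'ambiguous webhook target' message the remediation steps tell operators to look for, so the change can be reviewed end to end.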

Mitigation Strategies

  • Upgrade OpenClaw to v2026.2.14 immediately.
  • Reconfigure webhook targets to use unique URL paths per bot (e.g., /googlechat/bot-a vs /googlechat/bot-b).
  • Ensure distinct Google Cloud Projects (Audience IDs) are used for distinct security boundaries.
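To make the 'webhook roulette' concrete, here is an added illustration (not OpenClaw's code) that places the first-match dispatcher beside a collecting dispatcher in the spirit of commit 61d59a8, and shows how the unique-path mitigation removes the ambiguity. The `WebhookTarget` and `IncomingWebhook` shapes, the bot names, paths and project id are all constructed for the example and are not taken from the real extension.

```typescript
// Hypothetical shape of a configured target: the URL path it listens on and the
// audience (Google Cloud project) its verification credentials are bound to.
interface WebhookTarget { name: string; path: string; audience: string; }

// Hypothetical shape of a request after its token has already been verified.
interface IncomingWebhook { path: string; audience: string; }

function matches(target: WebhookTarget, req: IncomingWebhook): boolean {
  return target.path === req.path && target.audience === req.audience;
}

// Vulnerable strategy: the first configured target that passes verification wins,
// so with two bots on one URL the message always lands on whichever is listed first.
function resolveFirstMatch(targets: WebhookTarget[], req: IncomingWebhook): WebhookTarget | null {
  for (const target of targets) {
    if (matches(target, req)) return target; // 'break' on first hit
  }
  return null;
}

// Hardened strategy: collect every match and only route a single unambiguous one.
// A second hit already proves ambiguity, so the loop can stop early.
function resolveStrict(targets: WebhookTarget[], req: IncomingWebhook): WebhookTarget {
  const matched: WebhookTarget[] = [];
  for (const target of targets) {
    if (matches(target, req)) {
      matched.push(target);
      if (matched.length > 1) break;
    }
  }
  if (matched.length === 0) throw new Error("no webhook target matched");
  if (matched.length > 1) throw new Error("ambiguous webhook target");
  return matched[0];
}

// Constructed config reproducing the flaw: two bots share path and project.
const sharedConfig: WebhookTarget[] = [
  { name: "bot-a", path: "/googlechat", audience: "project-123" },
  { name: "bot-b", path: "/googlechat", audience: "project-123" },
];

// Same bots after the mitigation: a distinct URL path per bot.
const uniqueConfig: WebhookTarget[] = [
  { name: "bot-a", path: "/googlechat/bot-a", audience: "project-123" },
  { name: "bot-b", path: "/googlechat/bot-b", audience: "project-123" },
];
```

With `sharedConfig`, a message meant for bot-b is handed to bot-a by `resolveFirstMatch`, while `resolveStrict` refuses it as ambiguous; with `uniqueConfig`, both strategies route correctly, which is why the advisory recommends unique paths even after upgrading.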

Remediation Steps:

  1. Pull the latest docker image or update the npm package for openclaw.
  2. Review the application logs for 'ambiguous webhook target' errors after updating.
  3. If 401 errors appear, modify the Google Chat API configuration to point to distinct endpoints.

Read the full report for GHSA-RQ6G-PX6M-C248 on our website for more details including interactive diagrams and full exploit analysis.
