CVE-2026-28474

9.8 CRITICAL

Published: March 05, 2026 Modified: March 09, 2026

Description

OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669892d

Source: disclosure@vulncheck.com

https://github.com/openclaw/openclaw/security/advisories/GHSA-r5h9-vjqc-hq3r

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/openclaw-nextcloud-talk-allowlist-bypass-via-actorname-display-name-spoofing

Source: disclosure@vulncheck.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.8 / 10.0

EPSS (Exploit Probability)

0.1%

16th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-863

Related CVEs

CVE-2026-3550 5.3

CVE-2026-33192 N/A

CVE-2026-33080 7.3

CVE-2026-33075 N/A

CVE-2026-33072 8.2