CVE-2026-32975
OpenClaw · OpenClaw
A weak authorization vulnerability in OpenClaw's Zalouser allowlist mode allows attackers to bypass channel authorization by spoofing mutable group display names.
Executive summary
OpenClaw versions prior to 2026.3.12 contain a critical authorization vulnerability that allows attackers to route unauthorized messages to the agent by spoofing group names.
Vulnerability
In Zalouser allowlist mode, OpenClaw matches mutable group display names instead of stable, unique group identifiers. An attacker can create a new group with a name identical to an allowlisted group, thereby bypassing channel authorization and successfully routing messages to the agent.
Business impact
This flaw allows unauthorized groups to interact with the OpenClaw agent, potentially leading to the disclosure of sensitive information or the execution of unauthorized tasks. The CVSS score of 9.8 emphasizes the critical risk associated with using non-unique, mutable attributes for security-critical authorization decisions.
Remediation
Immediate Action: Update OpenClaw to version 2026.3.12 or later to ensure that the allowlist mechanism uses stable, unique group identifiers rather than mutable display names.
Proactive Monitoring: Review agent interaction logs for messages originating from unexpected or newly created groups that share names with trusted, allowlisted groups.
Compensating Controls: If OpenClaw cannot be patched immediately, disable Zalouser allowlist mode, or require manual verification of every new group before it is allowed to interact with the agent.
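To make the flaw described under Vulnerability and the monitoring step above concrete, the following is an added example (not OpenClaw's own code): a name-based allowlist check beside an identifier-based one, plus a helper that flags messages whose group name collides with an allowlisted group while its id does not. The message and allowlist shapes, ids and names are constructed assumptions.

```typescript
// Added example, not OpenClaw code. Field names are hypothetical stand-ins for
// what a channel adapter receives from the messaging platform.
interface IncomingGroupMessage {
  groupId: string;    // platform-assigned, stable and unique
  groupName: string;  // user-settable display name: mutable and non-unique
  senderId: string;
  text: string;
}

interface AllowlistEntry {
  groupId: string;
  groupName: string;  // retained only for readability in config and logs
}

// Weak check: authorizes on the mutable display name. Any newly created group
// that reuses an allowlisted name passes this check.
function isAllowedByName(msg: IncomingGroupMessage, allowlist: AllowlistEntry[]): boolean {
  return allowlist.some((e) => e.groupName === msg.groupName);
}

// Hardened check: authorizes only on the stable identifier; the name is ignored.
function isAllowedById(msg: IncomingGroupMessage, allowlist: AllowlistEntry[]): boolean {
  return allowlist.some((e) => e.groupId === msg.groupId);
}

// Monitoring aid: messages that would pass the name check but fail the id check
// come from a group sharing a trusted group's name without being that group.
function findNameCollisions(
  messages: IncomingGroupMessage[],
  allowlist: AllowlistEntry[],
): IncomingGroupMessage[] {
  return messages.filter((m) => isAllowedByName(m, allowlist) && !isAllowedById(m, allowlist));
}

// Constructed sample data: one trusted group and one look-alike group.
const ALLOWLIST: AllowlistEntry[] = [{ groupId: "grp_1001", groupName: "Ops Team" }];
const SAMPLE_MESSAGES: IncomingGroupMessage[] = [
  { groupId: "grp_1001", groupName: "Ops Team", senderId: "u1", text: "status update?" },
  { groupId: "grp_2042", groupName: "Ops Team", senderId: "u9", text: "hello from a new group" },
  { groupId: "grp_3003", groupName: "Random", senderId: "u5", text: "hi" },
];

// Summarizes how many sample messages each check accepts and which ids collide.
function demo(): { weakAccepted: number; hardenedAccepted: number; collidingIds: string[] } {
  return {
    weakAccepted: SAMPLE_MESSAGES.filter((m) => isAllowedByName(m, ALLOWLIST)).length,
    hardenedAccepted: SAMPLE_MESSAGES.filter((m) => isAllowedById(m, ALLOWLIST)).length,
    collidingIds: findNameCollisions(SAMPLE_MESSAGES, ALLOWLIST).map((m) => m.groupId),
  };
}
```

With the sample data, the name-based check accepts two messages while the id-based check accepts one; the collision helper returns the look-alike group, which is the signal the monitoring step asks reviewers to look for.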
Exploitation status
Public Exploit Available: false
Analyst recommendation
Using mutable strings for authorization is a high-risk practice. Organizations must prioritize the update to version 2026.3.12 to transition to identifier-based authorization and prevent attackers from spoofing trusted groups to gain unauthorized agent access.