CVE-2026-28448
Published: 05 March 2026
Description
OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can mention the bot in Twitch chat to bypass access control and invoke the agent pipeline, potentially causing unintended actions or resource exhaustion.
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- AC-3 Access Enforcement: requires enforcement of approved authorizations, which directly addresses the Twitch plugin's failure to enforce the allowFrom allowlist when allowedRoles is unset or empty.
- SI-2 Flaw Remediation: mandates identification, reporting and correction of flaws such as this authorization bypass, so that affected deployments are patched to OpenClaw 2026.2.1 promptly.
- CM-6 Configuration Settings: requires configuration settings for the Twitch plugin to be securely established and verified, so that a combination such as allowFrom set with allowedRoles empty is reviewed rather than silently trusted.
Security Summary [AI-generated]
CVE-2026-28448 is an improper authorization vulnerability (CWE-285) in OpenClaw versions from 2026.1.29 up to but not including 2026.2.1, affecting deployments where the Twitch plugin is installed and enabled. The plugin fails to enforce the allowFrom allowlist when the allowedRoles setting is unset or empty. In that configuration allowFrom is the only sender restriction in effect, so skipping it leaves agent dispatch open to any Twitch user.
Exploitation is remote (AV:N), requires no privileges (PR:N) and is of low complexity (AC:L): the attacker mentions the bot in Twitch chat. The message reaches the agent pipeline without passing access control, which can cause unintended agent actions or resource exhaustion. Confidentiality, integrity and availability impacts are each rated low (C:L/I:L/A:L), giving a CVSS v3.1 base score of 7.3, the score those metrics produce with no user interaction and unchanged scope (UI:N/S:U).
The fix ships in OpenClaw version 2026.2.1. The fixing commit is https://github.com/openclaw/openclaw/commit/8c7901c984866a776eb59662dc9d8b028de4f0d0; further details are in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-33rq-m5x2-fvgf and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-twitch-plugin-allowfrom-access-control.
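The advisory describes a check that is skipped when a second, unrelated setting is empty. The following TypeScript is an added example and not OpenClaw's code: it models that pattern (isAuthorizedVulnerable) beside a hardened form (isAuthorizedFixed) in which each configured restriction is enforced on its own, and runs both over a constructed chat log against a configuration with allowFrom set and allowedRoles unset. The type names, function names, bot username and chat lines are all assumptions made for this example.

```typescript
// Added example, not OpenClaw's code: models the authorization pattern behind
// CVE-2026-28448 and a hardened form. Type/function names, the bot name and
// the chat lines are assumptions constructed for this example.

interface TwitchAccessConfig {
  allowFrom?: string[];    // Twitch usernames allowed to trigger the agent
  allowedRoles?: string[]; // chat roles (e.g. "moderator") allowed to trigger it
}

interface ChatMessage {
  user: string;
  roles: string[];
  text: string;
}

type Authorizer = (cfg: TwitchAccessConfig, msg: ChatMessage) => boolean;

function normalize(s: string): string {
  return s.trim().toLowerCase();
}

// Vulnerable pattern: the role gate is the outer check and the sender
// allowlist is only evaluated beneath it. When allowedRoles is unset or
// empty the function returns true before allowFrom is ever consulted.
function isAuthorizedVulnerable(cfg: TwitchAccessConfig, msg: ChatMessage): boolean {
  const roles = (cfg.allowedRoles ?? []).map(normalize);
  if (roles.length === 0) {
    return true; // "no role restriction" misread as "no restriction at all"
  }
  const roleOk = msg.roles.some((r) => roles.includes(normalize(r)));
  const allowFrom = (cfg.allowFrom ?? []).map(normalize);
  const senderOk = allowFrom.length === 0 || allowFrom.includes(normalize(msg.user));
  return roleOk && senderOk;
}

// Hardened pattern: every configured restriction is enforced independently.
// An unset or empty restriction simply does not apply; a configured one is
// always checked, so allowFrom holds regardless of allowedRoles.
function isAuthorizedFixed(cfg: TwitchAccessConfig, msg: ChatMessage): boolean {
  const allowFrom = (cfg.allowFrom ?? []).map(normalize);
  const allowedRoles = (cfg.allowedRoles ?? []).map(normalize);
  if (allowFrom.length > 0 && !allowFrom.includes(normalize(msg.user))) {
    return false;
  }
  if (allowedRoles.length > 0 && !msg.roles.some((r) => allowedRoles.includes(normalize(r)))) {
    return false;
  }
  return true;
}

// The trigger condition from the advisory: the bot is mentioned in chat.
// Case-insensitive, and "@bot2" does not count as a mention of "@bot".
function mentionsBot(text: string, botName: string): boolean {
  const escaped = botName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp(`(^|\\s)@${escaped}(?![A-Za-z0-9_])`, "i").test(text);
}

// Users whose messages would reach the agent pipeline under a given
// authorizer: mention plus authorization, the same gate for both variants.
function dispatchedUsers(
  cfg: TwitchAccessConfig,
  chat: ChatMessage[],
  botName: string,
  authorize: Authorizer
): string[] {
  return chat.filter((m) => mentionsBot(m.text, botName) && authorize(cfg, m)).map((m) => m.user);
}

// Constructed sample: allowFrom is set and allowedRoles is left unset, the
// configuration the advisory describes.
const SAMPLE_CONFIG: TwitchAccessConfig = { allowFrom: ["trusted_mod"] };
const BOT_NAME = "openclawbot"; // assumed bot username
const SAMPLE_CHAT: ChatMessage[] = [
  { user: "trusted_mod", roles: ["moderator"], text: "@openclawbot summarize the last hour of chat" },
  { user: "random_viewer", roles: [], text: "@OpenClawBot run the full report again" },
  { user: "random_viewer", roles: [], text: "hello chat" }, // no mention, never dispatched
];

// Returns who gets dispatched under each variant so the difference is visible.
function compareDispatch(): { vulnerable: string[]; fixed: string[] } {
  return {
    vulnerable: dispatchedUsers(SAMPLE_CONFIG, SAMPLE_CHAT, BOT_NAME, isAuthorizedVulnerable),
    fixed: dispatchedUsers(SAMPLE_CONFIG, SAMPLE_CHAT, BOT_NAME, isAuthorizedFixed),
  };
}

console.log(JSON.stringify(compareDispatch()));
```

With the sample configuration the vulnerable variant dispatches both trusted_mod and random_viewer, the hardened variant only trusted_mod. Both variants in this example treat a configuration with neither allowFrom nor allowedRoles set as unrestricted; the hardened one differs only in never letting one empty setting switch off another. The useful post-upgrade check is the one compareDispatch encodes: a mention from a user outside allowFrom, with allowedRoles empty, must not reach the agent.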
Details
- CWE(s): CWE-285 (Improper Authorization)
- Affected Products: OpenClaw, versions from 2026.1.29 up to but not including 2026.2.1, with the Twitch plugin installed and enabled
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
The vulnerability is an improper authorization flaw in the Twitch plugin of a network-exposed application (OpenClaw). A remote, unauthenticated attacker exploits it over the network by sending a Twitch chat message that mentions the bot, bypassing access control and triggering internal agent dispatch; this maps directly to Exploit Public-Facing Application (T1190).