When only a route-level group allowlist was configured, sender policy resolution silently downgraded from allowlist to open instead of preserving the configured group policy.
Any member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the operator intended sender-level restrictions.
extensions/googlechat/src/monitor-access.ts, extensions/zalouser/src/monitor.ts
<= 2026.3.24>= 2026.3.282026.3.28 contains the fix.Fixed by commit e64a881ae0 (Channels: preserve routed group policy).
OpenClaw thanks @AntAISecurityLab for reporting.
| Score | Percentile |
|---|---|
| 0.01% | 1.06% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 9.8 | 3.1 | — |
|
| 5.3 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-63mg-xp9j-jfcm ↗ |
| CVE | CVE-2026-33578 ↗ |
| CWE id | Name |
|---|---|
| CWE-863 | Incorrect Authorization |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | <= 2026.3.24 | 2026.3.28 | — |