OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch

Description

Summary

In openclaw versions 2026.2.22 and 2026.2.23, the optional synology-chat channel plugin had an authorization fail-open condition: when dmPolicy was allowlist and allowedUserIds was empty/unset, unauthorized senders were still allowed through to agent dispatch.

This is assessed as medium severity because it requires channel/plugin setup and Synology sender access, but can still trigger downstream agent/tool actions.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: >= 2026.2.22, <= 2026.2.23
  • Latest published affected version at patch time: 2026.2.23
  • Planned patched version: 2026.2.24

Details

Root cause was a policy mismatch across plugin code paths:
1. Default resolved DM policy was allowlist.
2. Empty allowedUserIds was treated as allow-all.
3. Webhook auth in allowlist mode depended on that helper.

Result: allowlist with empty list behaved like open access for inbound Synology senders.

Fix Commit(s)

  • 0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5
  • 7655c0cb3a47d0647cbbf5284e177f90b4b82ddb

Release Process Note

patched_versions is pre-set to the planned next release (>= 2026.2.24). Once npm release 2026.2.24 is published, the advisory can be published directly.

OpenClaw thanks @tdjackey for reporting.

Publication Update (2026-02-25)

[email protected] is published on npm and contains the fix commit(s) listed above. This advisory now marks >= 2026.2.24 as patched.

Basic information

Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2026-03-03 23:03:49 UTC
Updated
2026-03-20 21:36:35 UTC
GitHub reviewed
2026-03-03 23:03:49 UTC

EPSS Score

Score Percentile
0.06% 19.31%

CVSS Scores

Base score Version Severity Vector
5.3 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network.
Attack complexity (AC:L)
Exploitation conditions are straightforward and stable.
Attack requirements (AT:N)
No additional preconditions are required beyond normal reachability.
Privileges required (PR:L)
Low privileges are required.
User interaction (UI:N)
No user interaction is required.
Vulnerable system confidentiality impact (VC:N)
No confidentiality impact on the vulnerable system.
Vulnerable system integrity impact (VI:L)
Limited integrity impact on the vulnerable system.
Vulnerable system availability impact (VA:N)
No availability impact on the vulnerable system.
Subsequent system confidentiality impact (SC:N)
No confidentiality impact on subsequent systems.
Subsequent system integrity impact (SI:N)
No integrity impact on subsequent systems.
Subsequent system availability impact (SA:N)
No availability impact on subsequent systems.

Identifiers

CWEs

CWE id Name
CWE-284 Improper Access Control
CWE-863 Incorrect Authorization

Credits

  • tdjackey (reporter)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
npm openclaw >= 2026.2.22, <= 2026.2.23 2026.2.24

References

cvelogic Threat Intelligence