In Telegram DM mode, inbound media was downloaded and written to disk before sender authorization checks completed. An unauthorized sender could trigger inbound media download/write activity (including media groups) even when DM access should be denied.
| Package | Affected version | Vulnerable range | Patched version | Fix commit |
|---|---|---|---|---|
| openclaw (npm) | 2026.2.23 | <= 2026.2.23 | 2026.2.24 | 9514201fb9b51de5d0b23151110d0ff5d9c8bd67 |

The Telegram handler flow now enforces DM authorization before media download/write paths execute, including media-group handling. Inbound channel activity tracking was also moved to run after DM authorization in the Telegram message context path.
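The ordering defect and its fix, as an added illustration (this is not OpenClaw's code; all names, the allowlist and the file ids are hypothetical stand-ins): the vulnerable handler tracks activity and fetches media before the DM authorization gate, so a denied sender still drives download and write I/O; the fixed handler makes authorization the first step, so a denied DM causes no side effects at all.

```typescript
// Added example, not OpenClaw's code. Models the advisory's ordering bug in a
// Telegram DM handler. Every identifier here is hypothetical.

type InboundMessage = {
  chatType: "private" | "group";
  senderId: number;
  mediaGroupId?: string;   // set when the message is one item of an album
  mediaFileIds: string[];  // constructed stand-ins for Telegram file_ids
};

// Side-effect log so callers (and the test) can see what ran, and in what order.
type Trace = { downloaded: string[]; writtenToDisk: string[]; activityTracked: number; events: string[] };

function newTrace(): Trace {
  return { downloaded: [], writtenToDisk: [], activityTracked: 0, events: [] };
}

// Constructed DM allowlist: only sender 1001 may DM the bot.
const DM_ALLOWLIST = new Set<number>([1001]);

function isDmAuthorized(msg: InboundMessage): boolean {
  return msg.chatType !== "private" || DM_ALLOWLIST.has(msg.senderId);
}

// Simulated download+write path: records what a real implementation would do.
function downloadAndWriteMedia(msg: InboundMessage, t: Trace): void {
  for (const id of msg.mediaFileIds) {
    t.downloaded.push(id);
    t.writtenToDisk.push(`/tmp/media/${id}`); // placeholder path
    t.events.push(`write:${id}`);
  }
}

function trackInboundActivity(t: Trace): void {
  t.activityTracked += 1;
  t.events.push("track");
}

// BEFORE: activity tracking and media download/write ran for every inbound
// message (albums included) and only then was the sender checked.
function handleTelegramMessageVulnerable(msg: InboundMessage, t: Trace): boolean {
  trackInboundActivity(t);
  if (msg.mediaFileIds.length > 0) downloadAndWriteMedia(msg, t);
  if (!isDmAuthorized(msg)) { t.events.push("deny"); return false; }
  t.events.push("dispatch");
  return true;
}

// AFTER: authorization is the first gate. A denied DM touches neither the
// network nor the filesystem and is not counted as channel activity.
function handleTelegramMessageFixed(msg: InboundMessage, t: Trace): boolean {
  if (!isDmAuthorized(msg)) { t.events.push("deny"); return false; }
  trackInboundActivity(t);
  if (msg.mediaFileIds.length > 0) downloadAndWriteMedia(msg, t);
  t.events.push("dispatch");
  return true;
}

// Media groups arrive as several messages sharing a mediaGroupId; the gate
// must apply to each one, which falls out naturally when it is the first step.
function handleMediaGroup(
  msgs: InboundMessage[],
  handler: (m: InboundMessage, t: Trace) => boolean,
  t: Trace,
): boolean {
  return msgs.map((m) => handler(m, t)).every(Boolean);
}

// Run both handlers over the same unauthorized three-item album and return
// the traces so the difference in side effects can be inspected.
function compareOnUnauthorizedAlbum(): { before: Trace; after: Trace } {
  const album: InboundMessage[] = ["f1", "f2", "f3"].map((id) => ({
    chatType: "private", senderId: 4242, mediaGroupId: "album-1", mediaFileIds: [id],
  }));
  const before = newTrace();
  handleMediaGroup(album, handleTelegramMessageVulnerable, before);
  const after = newTrace();
  handleMediaGroup(album, handleTelegramMessageFixed, after);
  return { before, after };
}
```

A useful regression check for this class of bug is the one `compareOnUnauthorizedAlbum` enables: feed a denied sender through the handler and assert that the download, write and activity counters are all still zero afterwards, rather than only asserting that the message was rejected.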
patched_versions is pre-set to the planned next release (2026.2.24). After npm publish, the advisory can be published without further version-field edits.
OpenClaw thanks @v8hid for reporting.
openclaw@2026.2.24 is published on npm and contains the fix commit(s) listed above. This advisory now marks >= 2026.2.24 as patched.
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-h656-5vcf-cm23 |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | <= 2026.2.23 | 2026.2.24 | — |