CVE-2026-44110: OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries
Matrix room control-command authorization used the effective allowlist for room traffic, which included sender IDs learned from the Matrix DM pairing store. A sender who was allowed only for a Matrix DM could therefore pass the authorization check for room control commands when they also posted in a bot room.
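The following added example (not OpenClaw's own code; the types, function names and sample Matrix IDs are assumptions) contrasts the flawed pattern, where a single effective allowlist for room traffic absorbs DM pairing-store entries, with a scope-aware check in which pairing-store entries grant DM authorization only:

```typescript
// Added illustration of the flaw above, not OpenClaw's own code: names and sample IDs are assumptions.
type Scope = "dm" | "room";

interface AuthzState {
  roomAllowlist: string[];   // senders explicitly allowed to control bot rooms
  dmAllowlist: string[];     // senders explicitly allowed in DMs
  dmPairingStore: string[];  // senders learned by pairing over a Matrix DM
}

interface ControlCommand {
  sender: string; // Matrix user ID of the sender
  scope: Scope;   // where the message was posted
}

function contains(list: string[], id: string): boolean {
  return list.indexOf(id) !== -1;
}

// Vulnerable pattern: the "effective" allowlist used for room traffic absorbs
// DM pairing-store entries, so a sender paired only over DM passes room checks.
function isAuthorizedVulnerable(state: AuthzState, cmd: ControlCommand): boolean {
  if (cmd.scope === "dm") {
    return contains(state.dmAllowlist, cmd.sender) || contains(state.dmPairingStore, cmd.sender);
  }
  return contains(state.roomAllowlist.concat(state.dmPairingStore), cmd.sender);
}

// Hardened pattern: pairing-store entries only ever grant DM authorization;
// room control commands are checked against the room allowlist alone.
function isAuthorizedFixed(state: AuthzState, cmd: ControlCommand): boolean {
  if (cmd.scope === "dm") {
    return contains(state.dmAllowlist, cmd.sender) || contains(state.dmPairingStore, cmd.sender);
  }
  return contains(state.roomAllowlist, cmd.sender);
}

// Constructed sample state: @admin is a room operator; @paired-only was paired
// via DM and never added to the room allowlist.
const SAMPLE_STATE: AuthzState = {
  roomAllowlist: ["@admin:example.org"],
  dmAllowlist: [],
  dmPairingStore: ["@paired-only:example.org"],
};

// Returns [vulnerable decision, fixed decision] for a room control command.
function compareRoomDecision(sender: string): [boolean, boolean] {
  const cmd: ControlCommand = { sender, scope: "room" };
  return [isAuthorizedVulnerable(SAMPLE_STATE, cmd), isAuthorizedFixed(SAMPLE_STATE, cmd)];
}
```

A regression check for a fix of this shape is a sender present only in the pairing store who is rejected for room-scoped commands while still being accepted in the DM scope.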
References
- github.com/advisories/GHSA-2gvc-4f3c-2855
- github.com/openclaw/openclaw/commit/2bfd808a83116bd888e3e2633a61473fa2ed81b6
- github.com/openclaw/openclaw/commit/f8705f512b09043df02b5da372c33374734bd921
- github.com/openclaw/openclaw/pull/67294
- github.com/openclaw/openclaw/pull/67325
- github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855
- nvd.nist.gov/vuln/detail/CVE-2026-44110
- www.vulncheck.com/advisories/openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store