GHSA-mw7w-g3mg-xqm7: OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events

March 27, 2026

BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events

References

github.com/advisories/GHSA-mw7w-g3mg-xqm7
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/f8c98630785288cc1f1d0893503ef3b653a3cede
github.com/openclaw/openclaw/security/advisories/GHSA-mw7w-g3mg-xqm7

Code Behaviors & Features

Detect and mitigate GHSA-mw7w-g3mg-xqm7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →