CVE-2026-28448: OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline
In the optional Twitch channel plugin (extensions/twitch), allowFrom is documented as a hard allowlist of Twitch user IDs, but it was not enforced as a hard gate. If allowedRoles was unset or empty, the access-control path defaulted to allow, so any Twitch user who could mention the bot could reach the agent dispatch pipeline.
Scope note: This only affects deployments that installed and enabled the Twitch plugin. Core OpenClaw installs that do not install/enable the Twitch plugin are not impacted.
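The following is an added illustration of the default-allow pattern described above beside a fail-closed variant; it is not OpenClaw's code, and while the config keys allowFrom and allowedRoles come from the advisory, the types, function names, role names and the exact semantics of the hardened check are assumptions that need not match the upstream fix.

```typescript
// Added illustration, not OpenClaw's code. The config keys allowFrom and allowedRoles
// are named in the advisory; the types, function names and role names are assumed.
interface TwitchAccessConfig {
  allowFrom?: string[];    // documented as a hard allowlist of Twitch user IDs
  allowedRoles?: string[]; // assumed role names, e.g. "moderator", "broadcaster"
}

interface TwitchSender {
  userId: string;
  roles: string[];
}

// Pre-fix pattern as the advisory describes it: when allowedRoles is unset or empty
// the check defaults to allow, so allowFrom never acts as a gate.
export function isAllowedVulnerable(cfg: TwitchAccessConfig, sender: TwitchSender): boolean {
  if (!cfg.allowedRoles || cfg.allowedRoles.length === 0) {
    return true; // default-allow: any user who can mention the bot reaches dispatch
  }
  return sender.roles.some((r) => cfg.allowedRoles!.includes(r));
}

// Hardened variant (assumed semantics, not necessarily identical to the upstream fix):
// allowFrom is evaluated first as a hard gate, and the absence of any configured
// restriction fails closed instead of open.
export function isAllowedHardened(cfg: TwitchAccessConfig, sender: TwitchSender): boolean {
  const allowFrom = cfg.allowFrom ?? [];
  const allowedRoles = cfg.allowedRoles ?? [];
  if (allowFrom.length > 0) {
    // Hard allowlist: a user ID outside allowFrom is rejected regardless of role.
    if (!allowFrom.includes(sender.userId)) return false;
    // Inside allowFrom, roles further restrict only when they are configured.
    return allowedRoles.length === 0 || sender.roles.some((r) => allowedRoles.includes(r));
  }
  if (allowedRoles.length === 0) {
    return false; // nothing configured: fail closed rather than default-allow
  }
  return sender.roles.some((r) => allowedRoles.includes(r));
}

// Constructed sample: allowFrom set, allowedRoles left empty (the configuration the
// advisory says was silently bypassable).
export const sampleConfig: TwitchAccessConfig = { allowFrom: ["1001"] };
export const trustedUser: TwitchSender = { userId: "1001", roles: ["broadcaster"] };
export const strangerUser: TwitchSender = { userId: "9999", roles: [] };
```

With sampleConfig, the vulnerable check admits strangerUser while the hardened check rejects it and still admits trustedUser; a deployment can use the same comparison to confirm whether its own allowFrom entries are actually gating before upgrading.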
References
- github.com/advisories/GHSA-33rq-m5x2-fvgf
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/8c7901c984866a776eb59662dc9d8b028de4f0d0
- github.com/openclaw/openclaw/releases/tag/v2026.2.1
- github.com/openclaw/openclaw/security/advisories/GHSA-33rq-m5x2-fvgf
- nvd.nist.gov/vuln/detail/CVE-2026-28448
- www.vulncheck.com/advisories/openclaw-authorization-bypass-in-twitch-plugin-allowfrom-access-control