Description

OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations.
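The allowlist flaw described above, shown as an added TypeScript illustration beside an ID-only check and a detection helper. This is not OpenClaw's code: the `id` field, the type and function names, and all sample values are assumptions made for the example.

```typescript
// Added illustration, not OpenClaw source. `id` and every value below are assumed.
interface TalkActor {
  id: string;   // stable account identifier assigned by the server (assumed field)
  name: string; // display name, which the user can change at will
}

// Flawed pattern from the description: an allowlist entry is also
// compared against the mutable display name.
function isAllowedByIdOrName(actor: TalkActor, allowlist: string[]): boolean {
  return allowlist.some((entry) => entry === actor.id || entry === actor.name);
}

// Hardened pattern: only the immutable identifier takes part in the decision.
function isAllowedById(actor: TalkActor, allowlist: string[]): boolean {
  return allowlist.some((entry) => entry === actor.id);
}

// Case and whitespace folding used only for detection, so near-matches
// are flagged as well. It is never used to grant access.
function fold(value: string): string {
  return value.trim().toLowerCase();
}

// Detection aid for log review: true when the display name equals an
// allowlisted entry that is not the actor's own ID.
function displayNameCollides(actor: TalkActor, allowlist: string[]): boolean {
  return allowlist.some(
    (entry) => fold(entry) === fold(actor.name) && entry !== actor.id
  );
}

// Constructed sample data.
const allowlist: string[] = ["alice"];
const owner: TalkActor = { id: "alice", name: "Alice Example" };
const renamed: TalkActor = { id: "mallory", name: "alice" };

// Summarises how each check treats each sample actor.
function auditSample() {
  return [owner, renamed].map((actor) => ({
    id: actor.id,
    legacy: isAllowedByIdOrName(actor, allowlist),
    hardened: isAllowedById(actor, allowlist),
    flagged: displayNameCollides(actor, allowlist),
  }));
}
```

Running `displayNameCollides` over stored message metadata from before an upgrade helps identify conversations where a display-name match may have been accepted.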

INFO

Published Date: 2026-03-05T21:59:49.849Z

Last Modified: 2026-03-09T18:08:50.134Z

Source: VulnCheck

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-28474 vulnerability.

Vendor: Openclaw
Products:
  • Nextcloud-talk
  • Openclaw

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
  • Attack Vector
  • Attack Complexity
  • Attack Requirements
  • Privileges Required
  • User Interaction
  • VS Confidentiality
  • VS Integrity
  • VS Availability
  • SS Confidentiality
  • SS Integrity
  • SS Availability

Detailed values of each vector for above chart.
  • Attack Vector
  • Attack Complexity
  • Privileges Required
  • User Interaction
  • Scope
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact