CVE-2026-26328

Publication date

2026-02-19 23:04:12

Family

GitHub_M

State

PUBLISHED

Description

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue.