js · openclaw · Heads-up
OpenClaw BlueBubbles Sender Policy Bypass via Mutable Conversation Identifiers
What changed
BlueBubbles sender policy could match mutable conversation identifiers, allowing a participant to bypass allowlist checks via conversation metadata instead of stable sender identity.
Who it affects
Operators using OpenClaw with the BlueBubbles feature enabled and reachable, especially those relying on sender allowlists.
What to do today
Upgrade to version 2026.5.7 or later; if unable to upgrade, restrict BlueBubbles groups and prefer stable sender identifiers.
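The difference between matching on conversation metadata and matching on stable sender identity, as an added example that is not OpenClaw's code. The field names (`senderHandle`, `chatIdentifier`, `chatDisplayName`), the function names and the sample messages are assumptions made for illustration. The audit helper lists messages that a loose policy accepts but a sender-only policy rejects.

```javascript
// Added illustration: field names are hypothetical, not OpenClaw's or BlueBubbles' schema.
const normalize = (v) => String(v ?? "").trim().toLowerCase();

// Weak pattern: any identifier attached to the message can satisfy the allowlist,
// including conversation metadata that a participant is able to change.
function isAllowedLoose(msg, allowlist) {
  const allowed = new Set(allowlist.map(normalize));
  const candidates = [msg.senderHandle, msg.chatIdentifier, msg.chatDisplayName];
  return candidates.some((c) => c && allowed.has(normalize(c)));
}

// Hardened pattern: only the stable sender identity is compared.
function isAllowedStrict(msg, allowlist) {
  const sender = normalize(msg.senderHandle);
  if (!sender) return false; // fail closed when the sender is missing
  return allowlist.map(normalize).includes(sender);
}

// Audit helper: messages the loose check accepts but the strict check rejects.
function findPolicyGaps(messages, allowlist) {
  return messages.filter(
    (m) => isAllowedLoose(m, allowlist) && !isAllowedStrict(m, allowlist)
  );
}

// Constructed sample data (not taken from any real deployment).
const sampleAllowlist = ["+15550100001"];
const sampleMessages = [
  // Allowlisted sender: accepted by both checks.
  { id: 1, senderHandle: "+15550100001", chatIdentifier: "chat-a", chatDisplayName: "Ops" },
  // Non-allowlisted sender whose conversation metadata equals an allowlist entry.
  { id: 2, senderHandle: "+15550100002", chatIdentifier: "chat-b", chatDisplayName: "+15550100001" },
  // Missing sender identity: rejected by both checks.
  { id: 3, senderHandle: "", chatIdentifier: "chat-c", chatDisplayName: "Family" },
];

console.log(findPolicyGaps(sampleMessages, sampleAllowlist).map((m) => m.id));
```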