Impact
The vulnerability stems from the Discord moderation handler in OpenClaw versions 2026.2.17 and earlier. The handler accepts a sender identity supplied in request parameters when processing moderation actions, instead of verifying the sender through the bot’s runtime context. Because of this flaw, a non-admin user can forge these parameters to make the bot perform timeout, kick, or ban actions with the same effect as an authorized moderator. This grants the attacker unauthorized moderation control, which compromises the integrity of the Discord community. The weakness is classed as CWE‑862, Authentication Failure.
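As an added illustration of the flaw described above (example code, not OpenClaw's own; every name in it is hypothetical), the vulnerable pattern next to a hardened handler that takes the sender only from the bot's runtime context and rejects any caller-supplied identity:

```javascript
// Added illustration of the bug class in the advisory, not OpenClaw's code.
// All names (GUILD_ROLES, moderateVulnerable, moderateHardened, ctx) are hypothetical.

const ALLOWED_ACTIONS = new Set(['timeout', 'kick', 'ban']);

// Constructed guild role table standing in for Discord's permission data.
const GUILD_ROLES = {
  'user:mod-1': ['moderator'],
  'user:member-7': [],
};

function hasModPermission(userId) {
  return (GUILD_ROLES[userId] ?? []).includes('moderator');
}

// Vulnerable pattern: the sender identity is read from the request parameters,
// so whoever builds the request chooses which identity gets authorized.
function moderateVulnerable(params) {
  const actor = params.senderId; // caller-controlled
  if (!ALLOWED_ACTIONS.has(params.action)) return { ok: false, reason: 'bad action' };
  if (!hasModPermission(actor)) return { ok: false, reason: 'forbidden' };
  return { ok: true, action: params.action, target: params.targetId, actor };
}

// Hardened pattern: the actor comes only from the runtime context the bot
// itself established for the interaction. A senderId in the parameters is
// rejected outright rather than silently ignored, so a forged request fails
// loudly and can be logged by the caller.
function moderateHardened(ctx, params) {
  if ('senderId' in params) return { ok: false, reason: 'senderId is not a request parameter' };
  const actor = ctx.senderId; // bot-verified identity
  if (!ALLOWED_ACTIONS.has(params.action)) return { ok: false, reason: 'bad action' };
  if (!hasModPermission(actor)) return { ok: false, reason: 'forbidden' };
  return { ok: true, action: params.action, target: params.targetId, actor };
}
```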
Affected Systems
This issue affects the OpenClaw AI assistant, published by the vendor OpenClaw. All installations running version 2026.2.17 or older are vulnerable. The product runs on Node.js, and the affected component is the Discord moderation action handling module.
Risk and Exploitability
The CVSS base score is 2.3 (Low), reflecting a limited impact on confidentiality, integrity, and availability. EPSS is below 1 %, so the estimated probability of exploitation is very low, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker needs a Discord account that can initiate the bot's tool-driven flows and then sends crafted requests to the bot's endpoint. Exploitation requires the bot to hold moderation permissions in the guild, but no elevated privileges on the host system, so the impact is bounded to moderation control of the Discord server. Nevertheless, organizations that expose the bot to untrusted users should patch promptly to eliminate the possibility of abuse.