Description
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including block_action, view_submission, and view_closed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue system-event text into active sessions.
Published: 2026-03-19
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass, potential message injection in shared workspaces
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a failure to enforce sender authorization checks for interactive callbacks, including block_action, view_submission, and view_closed, in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue system‑event text into active sessions. This indicates a permission check failure (CWE-863) that could be used to inject or manipulate messages in the workspace, thereby compromising the integrity of communication and potentially enabling further malicious actions.

Affected Systems

OpenClaw, all versions prior to 2026.2.25 are affected. The issue applies to installations using the shared workspace deployment model.

Risk and Exploitability

With a CVSS score of 7.6 the vulnerability is of high impact, though the EPSS score is not available. It is not listed in CISA’s KEV catalog. The attack vector is an authenticated but unauthorized workspace member, so it requires access to the workspace but not external network exploitation. The risk is moderate to high for any environment in which unauthorized members could exist within shared workspaces.

Generated by OpenCVE AI on March 19, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the OpenClaw version currently in use
  • If the version is earlier than 2026.2.25, upgrade to 2026.2.25 or newer
  • Ensure that workspace settings enforce strict sender checks and allowFrom restrictions
  • Monitor workspace activity for unexpected callbacks or injected messages

Generated by OpenCVE AI on March 19, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-x2ff-j5c2-ggpr OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows
History

Fri, 20 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including block_action, view_submission, and view_closed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue system-event text into active sessions.
Title OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-20T15:13:05.699Z

Reserved: 2026-03-10T19:48:13.664Z

Link: CVE-2026-32005

cve-icon Vulnrichment

Updated: 2026-03-20T15:12:53.916Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T22:16:32.950

Modified: 2026-03-24T21:22:47.583

Link: CVE-2026-32005

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T11:05:38Z

Weaknesses