Description
OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM messages to bypass DM authorization restrictions and trigger downstream automation or tool policies.
Published: 2026-03-19
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks when processing Discord direct‑message reaction notifications, allowing any user to react to bot‑authored DM messages and enqueue reaction‑derived system events. The missing checks enable an attacker to bypass DM authorization restrictions and trigger downstream automation or tool policies, effectively compromising control over automated actions. This weakness is an example of improper authorization (CWE‑863).

Affected Systems

The vulnerability affects all OpenClaw deployments running a version older than 2026.2.25. The affected product is identified by the CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*, meaning any Node.js environment with the OpenClaw package in that version range.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is remote: an attacker only needs to react to a bot‐generated Discord DM message, which does not require privileged local access and can be performed over the public internet where the OpenClaw instance receives Discord events.

Generated by OpenCVE AI on March 20, 2026 at 00:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.2.25 or later.

Generated by OpenCVE AI on March 20, 2026 at 00:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-354r-7mfh-7rh2 OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups
History

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM messages to bypass DM authorization restrictions and trigger downstream automation or tool policies.
Title OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:28:59.093Z

Reserved: 2026-03-10T19:48:43.186Z

Link: CVE-2026-32028

cve-icon Vulnrichment

Updated: 2026-03-21T03:16:14.718Z

cve-icon NVD

Status : Modified

Published: 2026-03-19T22:16:37.917

Modified: 2026-03-25T15:16:45.457

Link: CVE-2026-32028

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T10:44:25Z

Weaknesses