Description
OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in mixed-trust channels.
Published: 2026-03-19
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via Owner-Only Functionality
Action: Immediate Patch
AI Analysis

Impact

OpenClaw's handling of Discord voice transcripts in versions prior to 2026.3.2 fails to pass the senderIsOwner flag when processing transcripts in agentCommand. The missing flag defaults to true, causing the application to treat non-owner participants in mixed-trust voice channels as the channel owner. This flaw allows an attacker who can send a voice transcript to invoke owner-exclusive tools such as gateway and cron functionality, effectively granting elevated privileges. The vulnerability is classified as CWE-863, Missing or Incorrect Permission Levels, and compromises integrity by enabling unauthorized command execution.
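The flag-omission pattern the analysis describes, as an added illustration in JavaScript that is not OpenClaw's code: an authorization flag with a permissive default beside the fail-closed form, called from a transcript handler that forgets to pass the flag. The function names, the owner-only tool set and the transcript handler are hypothetical.

```javascript
// Added illustration (not OpenClaw's code). Hypothetical names:
// agentCommandPermissive, agentCommandSafe, OWNER_ONLY_TOOLS, handleVoiceTranscript.
const OWNER_ONLY_TOOLS = new Set(['gateway', 'cron']);

// Vulnerable pattern: senderIsOwner defaults to true, so any caller that
// omits it (as the voice-transcript path did) is treated as the owner.
function agentCommandPermissive({ tool, senderIsOwner = true }) {
  if (OWNER_ONLY_TOOLS.has(tool) && !senderIsOwner) {
    return { allowed: false, reason: 'owner-only tool' };
  }
  return { allowed: true };
}

// Hardened pattern: the flag must be an explicit boolean; an omitted or
// malformed value is treated as "not owner" and recorded for review.
function agentCommandSafe({ tool, senderIsOwner }, audit = []) {
  if (typeof senderIsOwner !== 'boolean') {
    audit.push(`senderIsOwner missing for tool=${tool}; denying owner rights`);
    senderIsOwner = false;
  }
  if (OWNER_ONLY_TOOLS.has(tool) && !senderIsOwner) {
    return { allowed: false, reason: 'owner-only tool' };
  }
  return { allowed: true };
}

// Constructed caller modelling the transcript path: it derives a tool
// request from the transcript text and never passes senderIsOwner.
function handleVoiceTranscript(transcript, commandFn, audit) {
  const tool = transcript.trim().toLowerCase();
  return commandFn({ tool }, audit); // senderIsOwner deliberately omitted
}

// Stand-alone run: the same omitted flag is allowed by the permissive
// handler and denied (with an audit entry) by the fail-closed one.
const log = [];
console.log(handleVoiceTranscript('cron', agentCommandPermissive));      // allowed: true
console.log(handleVoiceTranscript('cron', agentCommandSafe, log), log);  // allowed: false
```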

Affected Systems

OpenClaw versions earlier than 2026.3.2 are affected. The issue exists in all builds prior to the 2026.3.2 release, regardless of platform or deployment context.

Risk and Exploitability

The CVSS score of 5.8 places the vulnerability in the medium severity range. An EPSS score is not available, making the precise exploitation likelihood uncertain. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to be present in a mixed-trust Discord voice channel and to deliver a transcript that triggers agentCommand; once the attacker has that capability, the exploit path is straightforward, given the default flag behavior. No public exploits have been reported, but the medium severity combined with the potential for owner-level command execution warrants prompt action and monitoring.

Generated by OpenCVE AI on March 19, 2026 at 23:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.2 or later.
  • If upgrading immediately is not possible, disable or restrict voice transcript processing in mixed‑trust channels to prevent the default owner flag from being applied.
  • Monitor application logs for unexpected use of gateway or cron commands performed by non‑owners.
  • Keep abreast of vendor advisories and apply future security updates as they become available.



Advisories
Source: Github GHSA
ID: GHSA-wpg9-4g4v-f9rc
Title: OpenClaw: Discord voice transcript owner-flag omission could expose owner-only tools in mixed-trust channels
History

Fri, 20 Mar 2026 18:15:00 +0000

Values added:
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 22:15:00 +0000

Values added:
Description: OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in mixed-trust channels.
Title: OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler
First Time appeared: Openclaw, openclaw
Weaknesses: CWE-863
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw, openclaw
References:
Metrics: cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L'}
Metrics: cvssV4_0 {'score': 5.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-20T17:56:13.671Z

Reserved: 2026-03-10T19:48:43.187Z

Link: CVE-2026-32035

Vulnrichment

Updated: 2026-03-20T17:56:07.452Z

NVD

Status : Analyzed

Published: 2026-03-19T22:16:39.373

Modified: 2026-04-20T13:43:53.413

Link: CVE-2026-32035

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T10:44:18Z

Weaknesses