Description
OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted senders through message_changed, message_deleted, and thread_broadcast events.
Published: 2026-03-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Event Injection via Slack System Event Bypass
Action: Apply Patch
AI Analysis

Impact

OpenClaw releases before 2026.2.26 omit sender authorization checks inside their member and message subtype system event handlers. This flaw allows an attacker to submit system events—such as message_changed, message_deleted, and thread_broadcast—using senders that are not on the platform’s allowlist. As a result, the application will enqueue these events and treat them as legitimate, effectively bypassing the intended per-channel and DM allowlist controls.

Affected Systems

All OpenClaw installations running any version prior to 2026.2.26 are vulnerable. The issue is present in the Node.js-based OpenClaw application, which processes Slack system events. No other vendors or products are affected.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the vulnerability is specifically a privilege‑escalation via authorization bypass (CWE‑863). EPSS information is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote: an attacker can send crafted Slack system events from an arbitrary, non‑allowlisted user. If successful, the attacker can disrupt or manipulate channel behavior by enqueuing unintended events, potentially leading to denial of service or unauthorized data manipulation.

Generated by OpenCVE AI on March 21, 2026 at 06:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw 2026.2.26 or later

Generated by OpenCVE AI on March 21, 2026 at 06:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-v8cg-4474-49v8 OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers
History

Mon, 23 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted senders through message_changed, message_deleted, and thread_broadcast events.
Title OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T18:46:18.897Z

Reserved: 2026-03-16T21:18:44.710Z

Link: CVE-2026-32895

cve-icon Vulnrichment

Updated: 2026-03-23T18:45:33.521Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T01:17:10.303

Modified: 2026-03-23T19:47:30.360

Link: CVE-2026-32895

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:42:50Z

Weaknesses