OpenClaw versions prior to 2026.3.11 allow an attacker to bypass authorized user and role allowlist checks when processing Discord guild reaction events. As a result, reactions created by non‑allowlisted members are accepted as trusted events and their reaction text is injected into the bot’s downstream session context. This enables malicious actors to alter session data, potentially leading to unintended command execution, data manipulation, or the spread of spam or malicious content within the guild’s context.

The vulnerability affects all deployments of the OpenClaw application, a Node.js based Discord bot. Any installation running a version earlier than 2026.3.11 is susceptible. The issue arises when the bot ingests reaction events from Discord guilds without properly validating the reaction author against configured allowlists.

The CVSS score of 5.3 indicates a medium impact assessment. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. Likely attackers would need to be a member of the target guild; by sending a crafted reaction to a channel the bot monitors, they can trigger the vulnerable code path and inject payloads as part of the session context. Exploitability is moderate, requiring only access to the guild’s Discord interface rather than system-level privileges.