Description
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests.
Published: 2026-04-20
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass leading to unauthorized host execution
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions earlier than 2026.3.28 contain a flaw that allows an attacker to execute Discord text commands that bypass the channels.discord.execApprovals.approvers allowlist. The vulnerability permits non‑approvers to resolve pending execution approvals, enabling the launch of host commands without proper authorization. The weakness is a classic permission‑checking error (CWE‑863), potentially facilitating privilege escalation and unauthorized system access.

Affected Systems

The affected product is OpenClaw, as distributed before version 2026.3.28. The software is a Node.js application that interfaces with Discord for host‑execution approvals. All installations of OpenClaw running a version older than 2026.3.28 are susceptible.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. No EPSS value is provided, and the vulnerability is not listed in the CISA KEV catalog. An attacker can exploit the flaw by sending a specially crafted Discord command in a channel that the OpenClaw bot monitors. The attacker needs only basic Discord access to a channel linked to the bot; no local system privileges or network credentials are required, which makes the attack plausible in most environments where OpenClaw is deployed.

Generated by OpenCVE AI on April 21, 2026 at 15:38 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.28 or later.
  • If upgrading cannot be performed immediately, temporarily disable or remove the Discord text approval feature from the bot’s permissions or restrict the channels.discord.execApprovals.approvers allowlist to trusted roles only.
  • Review and tighten Discord server role permissions so that only authorized users can trigger approval commands, and audit activity logs for any unauthorized approval attempts.
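The Impact section above describes a CWE-863 permission check that one command path (the Discord text command) skipped, and the recommended actions ask for the approvers allowlist to be enforced and for approval attempts to be audited. The following JavaScript is an added example, not OpenClaw's code: a minimal Node.js exec-approval resolver in which every interaction path goes through one allowlist chokepoint, shown beside a bug-shaped text handler that resolves the request without consulting the allowlist. The config object shape (mirroring only the `channels.discord.execApprovals.approvers` key path named in the advisory), the function names, the `/approve <id>` text syntax, the message objects and the approval ids are all hypothetical.

```javascript
// Added example, not OpenClaw's code: a minimal exec-approval resolver that
// enforces the approvers allowlist at one chokepoint so a plain text command
// cannot skip it. Config shape, function names and sample data are hypothetical.

// Hypothetical config object mirroring the key path named in the advisory.
const sampleConfig = {
  channels: {
    discord: {
      execApprovals: {
        // Constructed sample: Discord user IDs permitted to approve or deny.
        approvers: ["100000000000000001", "100000000000000002"],
      },
    },
  },
};

// Constructed pending host-execution requests, keyed by approval id.
function makePendingStore() {
  return new Map([
    ["req-1", { id: "req-1", command: "systemctl restart app", status: "pending", resolvedBy: null }],
    ["req-2", { id: "req-2", command: "tar czf /backup/site.tgz /srv/site", status: "pending", resolvedBy: null }],
  ]);
}

// Allowlist check. Fails closed: a missing or empty allowlist means nobody may resolve.
function isApprover(cfg, userId) {
  const allow = cfg?.channels?.discord?.execApprovals?.approvers;
  return Array.isArray(allow) && allow.length > 0 && allow.includes(String(userId));
}

// The single chokepoint that every interaction path (slash command, text command,
// reaction, HTTP callback) must go through before a pending request changes state.
function resolveApproval(store, cfg, actorId, approvalId, decision) {
  if (!isApprover(cfg, actorId)) return { ok: false, reason: "not-an-approver" };
  if (decision !== "approve" && decision !== "deny") return { ok: false, reason: "bad-decision" };
  const pending = store.get(approvalId);
  if (!pending) return { ok: false, reason: "unknown-approval" };
  if (pending.status !== "pending") return { ok: false, reason: "already-resolved" };
  pending.status = decision === "approve" ? "approved" : "denied";
  pending.resolvedBy = String(actorId);
  return { ok: true, approval: pending };
}

// Parses "/approve <id>" or "/deny <id>" typed as an ordinary channel message.
function parseTextCommand(content) {
  const m = /^\/(approve|deny)\s+([\w-]+)\s*$/.exec(content.trim());
  return m ? { decision: m[1], approvalId: m[2] } : null;
}

// Bug-shaped handler (CWE-863): it mutates the request directly and never consults
// the allowlist, so any channel member who can type the command resolves it.
function handleTextMessageUnchecked(store, message) {
  const cmd = parseTextCommand(message.content);
  if (!cmd) return { ok: false, reason: "not-a-command" };
  const pending = store.get(cmd.approvalId);
  if (!pending || pending.status !== "pending") return { ok: false, reason: "unknown-or-resolved" };
  pending.status = cmd.decision === "approve" ? "approved" : "denied";
  pending.resolvedBy = String(message.author.id);
  return { ok: true, approval: pending };
}

// Fixed handler: the text path delegates to the same chokepoint as every other path.
function handleTextMessage(store, cfg, message) {
  const cmd = parseTextCommand(message.content);
  if (!cmd) return { ok: false, reason: "not-a-command" };
  return resolveApproval(store, cfg, message.author.id, cmd.approvalId, cmd.decision);
}

// One JSON audit line per attempt, so refused attempts by non-approvers are visible in logs.
function auditLine(ts, message, result) {
  return JSON.stringify({
    ts,
    actor: String(message.author.id),
    channel: String(message.channelId),
    content: message.content,
    ok: result.ok,
    reason: result.ok ? null : result.reason,
  });
}

// Stand-alone demo with constructed messages (only runs when executed directly under CommonJS).
if (typeof require !== "undefined" && require.main === module) {
  const store = makePendingStore();
  const outsider = { author: { id: "999999999999999999" }, channelId: "c1", content: "/approve req-1" };
  const approver = { author: { id: "100000000000000001" }, channelId: "c1", content: "/approve req-1" };
  for (const msg of [outsider, approver]) {
    const result = handleTextMessage(store, sampleConfig, msg);
    console.log(auditLine("2026-04-21T00:00:00Z", msg, result));
  }
}
```

The design point is that the allowlist decision lives in `resolveApproval` and nowhere else; a new command surface added later cannot forget the check because it has no way to change a request's state except through that function. The `auditLine` output gives a detection hook: a steady stream of `"reason":"not-an-approver"` lines from one actor is exactly the activity the recommended actions ask operators to look for.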



Advisories

Source: GitHub GHSA
ID: GHSA-98hh-7ghg-x6rq
Title: OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals
History

Tue, 21 Apr 2026 14:15:00 +0000

Values added:
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 23:30:00 +0000

Values added:
  Description: OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests.
  Title: OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands
  First Time appeared: Openclaw; Openclaw openclaw
  Weaknesses: CWE-863
  CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  Vendors & Products: Openclaw; Openclaw openclaw
  References: (no values)
  Metrics (cvssV3_1): {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  Metrics (cvssV4_0): {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-04-21T13:35:55.924Z
Reserved: 2026-04-20T14:01:13.152Z
Link: CVE-2026-41303

Vulnrichment

Updated: 2026-04-21T13:35:48.743Z

NVD

Status: Analyzed
Published: 2026-04-21T00:16:31.223
Modified: 2026-04-27T15:20:33.217
Link: CVE-2026-41303

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T15:45:07Z

Weaknesses