Description
OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.
Published: 2026-06-16
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions before 2026.5.12 allow Slack reaction events to bypass the setting that disables reaction notifications and flow into the agent processing pipeline. As a result, lower-trust input can be processed without the usual safeguards, potentially letting an attacker trigger unintended agent actions. The vulnerability is classified as Missing Authorization (CWE-862).

Affected Systems

Any installation of OpenClaw older than version 2026.5.12 is affected. No detailed sub-version list is provided, so all pre-2026.5.12 releases are considered vulnerable.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low but non-zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the abuse of Slack reaction events delivered to the OpenClaw webhook when reaction notifications are disabled. An attacker with the ability to add reactions in a Slack channel integrated with OpenClaw could trigger unauthorized input processing.

Generated by OpenCVE AI on June 17, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.12 or later to eliminate the reaction event bypass.
  • Prevent reaction events from reaching the OpenClaw agent pipeline by disabling reaction notifications in Slack or filtering reaction events at the webhook entry point.
  • Implement strict authorization checks for reaction event payloads to ensure only trusted sources can trigger agent processing, addressing the underlying Missing Authorization weakness.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:30:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type                | Values Removed | Values Added
Description         |                | OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.
Title               |                | OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass
First Time appeared |                | Openclaw; Openclaw openclaw
Weaknesses          |                | CWE-862
CPEs                |                | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products  |                | Openclaw; Openclaw openclaw
References          |                |
Metrics             |                | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
                    |                | cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-16T18:55:36.416Z

Reserved: 2026-06-10T21:21:12.125Z

Link: CVE-2026-53851

Vulnrichment

Updated: 2026-06-16T18:43:06.532Z

NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:17:02.327

Modified: 2026-06-16T20:42:46.200

Link: CVE-2026-53851

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T20:15:16Z

Weaknesses