EUVD-2026-9892
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open must be configured. Attackers can execute privileged slash commands via direct message to bypass...