7 matches found

Cvelist
added 2026/04/23 9:58 p.m. | 27 views

CVE-2026-41348 OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...

CVSS: 5.4 | EPSS: 0.00034
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/20 11:8 p.m. | 2 views

CVE-2026-41303

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending hos...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00079
Exploits: 1 | References: 3

Snyk
added 2026/04/03 3:23 a.m. | 2 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the Discord slash and autocomplete command handling process. An attacker can gain unauthorized access to group DM channels by bypassing the allowlist restrictio...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00034
Exploits: 0 | References: 2

HackRead
added 2026/01/08 4:25 p.m. | 6 views

Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages

Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords...

AI score: 7.2
Exploits: 0

OSV
added 2025/12/02 8:19 a.m. | 2 views

MAL-2025-191761 Malicious code in hooktest3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d1104ab742749c40acd3c4c989dba15890db64fd22f688dea72727fbc5b9d23 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

AI score: 7.7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/06/25 1:34 p.m. | 3 views

Malicious code in discord-commands (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0

OSV
added 2024/06/25 1:34 p.m. | 4 views

MAL-2024-5060 Malicious code in discord-commands (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0