CVE-2026-41367 OpenClaw 2026.2.14 < 2026.3.28 - Policy Enforcement Bypass in Discord Component Interactions

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

CVE-2026-41367 OpenClaw 2026.2.14 < 2026.3.28 - Policy Enforcement Bypass in Discord Component Interactions

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

CVE-2026-41367

CVE-2026-41367 affects OpenClaw versions 2026.2.14 through 2026.3.24. The issue is that the software fails to consistently apply guild and channel policy gates to Discord button and component interactions, allowing attackers to trigger privileged component actions from blocked contexts by bypassi...

OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Summary Discord Component Interaction Misclassifies Group DM as Direct Message Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impac...