CVE-2026-41367

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. There were security vulnerabilities in the versions of OpenClaw from 2026.2.14 to 2026.3.24. These vulnerabilities stemmed from inconsistent application of Discord button and component interactions in channels and...

PT-2026-35555

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the process that handles Discord component interactions, which incorrectly classifies Group Direct Messages as standard Direct Messages. An attacker can cause...