CVE-2026-32035
OpenClaw CVE-2026-32035 affects openclaw prior to 2026.3.2. The Discord voice transcript path in agentCommand omits senderIsOwner, causing the flag to default to true and enabling non-owner participants in mixed-trust channels to access owner-only tools (gateway, cron). Affected versions: ≤ 2026....