GHSA-86JJ-29WC-7Q2W Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling...

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVE-2026-32895

OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted sender...

CVE-2026-32050

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...

CVE-2026-32050

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 are affected by a sender-policy bypass in Slack reaction and pin event handlers. The root cause is inconsistent application of sender-policy checks to reaction_* and pin_* non-message events before they are added to system-event context, allowing attackers to ...

CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

EUVD-2026-13978

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVE-2026-32895

OpenClaw is affected in versions prior to 2026.2.26. The issue stems from the member and message subtype system event handlers not enforcing sender authorization, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending syste...

CVE-2026-32895 OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers

OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted sender...

CVE-2026-32895 OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers

OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted sender...

CVE-2026-32895

OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted sender...

CVE-2026-32057 OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui...

CVE-2026-32057

OpenClaw shows an authentication bypass in the trusted-proxy Control UI pairing mechanism. Affected: OpenClaw versions prior to 2026.2.25. Root cause: the control-ui client identifier (client.id=control-ui) is accepted without proper device identity verification, allowing an authenticated node-ro...

CVE-2026-32050

OpenClaw is affected in versions prior to 2026.2.25. The vulnerability arises in signal reaction notification handling, where an access control failure allows unauthorized senders to enqueue status events before authorization checks are applied. Specifically, the reaction-only event path in event...

CVE-2026-32050 OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...

CVE-2026-32050

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...