3 matches found
CVE-2026-28392
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open must be configured. Attackers can execute privileged slash commands via direct message to bypass...
CVE-2026-28392
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open must be configured. Attackers can execute privileged slash commands via direct message to bypass...
PT-2026-23521
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Slack slash-command handler incorrectly authorizes any direct message sender when the dmPolicy is set to open. This allows attackers to execute privileged slash commands via direct message,...