OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Feishu card-action callbacks could synthesize a message event with DM conversations classified as group conversations. That skipped dmPolicy enforcement for card actions, so a...

GHSA-72Q8-JCMC-97WX OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Feishu card-action callbacks could synthesize a message event with DM conversations classified as group conversations. That skipped dmPolicy enforcement for card actions, so a...

CVE-2026-31998

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

CVE-2026-32028

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

CVE-2026-32006

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...

CVE-2026-28392

OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open must be configured. Attackers can execute privileged slash commands via direct message to bypass...

OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty

Summary BlueBubbles is an optional OpenClaw channel plugin. A configuration-sensitive access-control mismatch allowed DM senders to be treated as authorized when dmPolicy was pairing or allowlist and allowFrom was empty/unset. Severity Rationale Medium Severity is set to medium because: - this...

GHSA-JWF4-8WF4-JF2M OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty

Summary BlueBubbles is an optional OpenClaw channel plugin. A configuration-sensitive access-control mismatch allowed DM senders to be treated as authorized when dmPolicy was pairing or allowlist and allowFrom was empty/unset. Severity Rationale Medium Severity is set to medium because: - this...

Incorrect Authorization

Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Incorrect Authorization in the synology-chat channel plugin when dmPolicy is set to allowlist and allowedUserIds is empty or unset. An attacker can trigger...

GHSA-25PW-4H6W-QWVM OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback

Summary In [email protected], BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. A sender that was only DM-paired not explicitly present in groupAllowFrom could pass group sender check...

PT-2026-26409

Summary In OpenClaw = 2026.2.25 Fix Commits - aedf62ac7e669a89c7b299201bf6537dc6b12e0e Release Process Note patched versions is pre-set to the release 2026.2.25 so after npm release the advisory is published. Thanks @tdjackey for reporting...

PT-2026-26388

Summary In [email protected], BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. A sender that was only DM-paired not explicitly present in groupAllowFrom could pass group sender check...

OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands

Summary When Slack DMs are configured with dmPolicy=open, the Slack slash-command handler incorrectly treated any DM sender as command-authorized. This allowed any Slack user who could DM the bot to execute privileged slash commands via DM, bypassing intended allowlist/access-group restrictions...