CVE-2026-41303

OpenClaw before 2026.3.28 contains an authorization bypass in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Specifically, the channels.discord.execApprovals.approvers allowlist can be bypassed by using Discord text commands to approve pending host exe...