OpenClaw Authorization Bypass Vulnerability in Interactive Callbacks

Vulnerability

A vulnerability exists in OpenClaw versions prior to 2026.2.25, where sender authorization checks are not properly enforced for interactive callbacks in shared workspace deployments. This flaw allows unauthorized workspace members to bypass sender restrictions and channel user allowlists, enabling them to inject system-event text into active sessions. The issue arises from the failure to validate sender authorization for callbacks such as block_action, view_submission, and view_closed, particularly in shared Slack workspaces that rely on sender restrictions.

Impact

Exploitation of this vulnerability could lead to unauthorized injection of system-event text into active sessions, disrupting the intended workflow and potentially causing confusion or miscommunication. However, this issue does not grant unauthenticated access, bypass cross-gateway isolation, or escalate privileges at the host level.

Reproduction

In a shared Slack workspace deployment running an OpenClaw version prior to 2026.2.25, a workspace member who is not covered by the channel or user allowlist can still trigger an interactive callback such as a block action or a view submission. The callback is processed without the sender authorization check, so the member can inject system-event text into the session, bypassing the established sender restrictions.
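The check whose absence the advisory describes, as an added example (this is illustrative code, not OpenClaw's own code or its patch). It gates every Slack interactive callback on the same sender and channel allowlists before the payload can touch a session, and records denials so that bypass attempts are visible in logs. The policy shape, the session object, the audit log, the `private_metadata` convention for view callbacks, and all sample IDs are assumptions; the payload field names (`type`, `user.id`, `channel.id`, `view.private_metadata`) are Slack's real interactive-payload fields, and Slack's type string for block actions is `block_actions` (the advisory writes `block_action`).

```javascript
// Added example, not OpenClaw's code. Sender/channel authorization gate for
// Slack interactive callbacks. Policy and session shapes are assumed.

// Slack's payload type strings for the three callback kinds the advisory names.
const INTERACTIVE_CALLBACK_TYPES = new Set(["block_actions", "view_submission", "view_closed"]);

// Assumed policy shape: Sets of Slack user IDs and channel IDs allowed to drive a session.
function makePolicy({ allowedUsers = [], allowedChannels = [] } = {}) {
  return { allowedUsers: new Set(allowedUsers), allowedChannels: new Set(allowedChannels) };
}

// block_actions carries channel.id; view_submission / view_closed only know the
// channel if the app stored it in private_metadata when it opened the view
// (assumed convention: JSON string with a "channel" key). Unknown => undefined.
function originatingChannel(payload) {
  if (payload.type === "block_actions") return payload.channel && payload.channel.id;
  const meta = payload.view && payload.view.private_metadata;
  if (typeof meta !== "string" || meta === "") return undefined;
  try {
    return JSON.parse(meta).channel;
  } catch {
    return undefined;
  }
}

function deny(reason) {
  return { allowed: false, reason };
}

// The gate: one rule for every callback type, with no exemption for view_* events.
function authorizeInteractiveCallback(payload, policy) {
  if (!payload || typeof payload.type !== "string") return deny("malformed payload");
  if (!INTERACTIVE_CALLBACK_TYPES.has(payload.type)) return deny(`unhandled callback type: ${payload.type}`);
  const senderId = payload.user && payload.user.id;
  if (!senderId) return deny("missing sender identity");
  if (!policy.allowedUsers.has(senderId)) return deny(`sender ${senderId} not on allowlist`);
  const channelId = originatingChannel(payload);
  if (policy.allowedChannels.size > 0 && !(channelId && policy.allowedChannels.has(channelId))) {
    return deny(`channel ${channelId || "unknown"} not on allowlist`);
  }
  return { allowed: true, reason: "sender and channel allowlisted" };
}

// Dispatcher: authorization runs before any session mutation; denials are logged.
function handleInteractiveCallback(payload, policy, session, auditLog) {
  const verdict = authorizeInteractiveCallback(payload, policy);
  if (!verdict.allowed) {
    auditLog.push({
      event: "interactive_callback_denied",
      type: payload && payload.type,
      user: payload && payload.user && payload.user.id,
      reason: verdict.reason,
    });
    return false;
  }
  session.events.push({ type: payload.type, from: payload.user.id });
  return true;
}

// Constructed sample policy and payloads (all IDs are made up).
const POLICY = makePolicy({ allowedUsers: ["U_OPERATOR"], allowedChannels: ["C_OPS"] });
const SAMPLE_PAYLOADS = [
  // allowlisted user, allowlisted channel: accepted
  { type: "block_actions", user: { id: "U_OPERATOR" }, channel: { id: "C_OPS" }, actions: [{ value: "approve" }] },
  // non-allowlisted workspace member submitting a view: denied on sender
  { type: "view_submission", user: { id: "U_GUEST" }, view: { private_metadata: JSON.stringify({ channel: "C_OPS" }) } },
  // allowlisted user but the view carries no channel: denied on channel
  { type: "view_closed", user: { id: "U_OPERATOR" }, view: { private_metadata: "" } },
];

function runSamples() {
  const session = { events: [] };
  const auditLog = [];
  const results = SAMPLE_PAYLOADS.map((p) => handleInteractiveCallback(p, POLICY, session, auditLog));
  return { results, session, auditLog };
}

console.log(JSON.stringify(runSamples(), null, 2));
```

The design point is that the channel allowlist is enforced even when the callback type cannot tell you the channel: a view callback with no recorded origin is treated as unknown and denied rather than waved through, which is the failure mode a "checks only on message events" design tends to have.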

Remediation

Users can update to OpenClaw version 2026.2.25 or later, where this vulnerability has been patched.

Added: Mar 19, 2026, 10:51 PM
Updated: Mar 19, 2026, 10:51 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.2
remediation: 0.0
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.