OpenClaw Missing Authorization Check in Discord Direct Message Reactions
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.2.25, where the application fails to properly enforce authorization checks on Discord direct-message reaction notifications. This oversight allows non-allowlisted users to bypass DM authorization restrictions by reacting to bot-authored messages, thereby triggering automated responses or tool policies. The issue arises because the reaction notification path does not apply the same authorization gates as the regular DM message ingress, creating a inconsistency that can be exploited in restrictive DM setups.
Impact
Exploitation of this vulnerability allows unauthorized users to enqueue reaction-derived system events in Discord direct messages, bypassing established authorization checks. While this does not directly execute commands, it can disrupt workflows by triggering automated responses or tool policies, depending on the user's setup.
Reproduction
To reproduce this vulnerability, a non-allowlisted user must react to a bot-authored direct message in Discord. This reaction will bypass the usual authorization checks and trigger a reaction-derived system event, exploiting the inconsistency in how reactions are handled compared to regular messages.
Remediation
Users can update to OpenClaw version 2026.2.25 or later, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.