OpenClaw Access Control Vulnerability in Signal Reaction Notification Handling
Vulnerability
An access control vulnerability has been identified in OpenClaw versions prior to 2026.2.25. In the Signal reaction notification handling, a reaction-only event (a reaction with no message body) was enqueued as a status event before the direct message (DM) and group access checks ran. A sender who is not authorized for the target session could therefore use the reaction-only event path to queue Signal reaction status lines for sessions whose DM or group access had never been validated.
Impact
An attacker who is not authorized to message the agent can have reaction status lines added to the agent context of affected sessions. Because those lines originate from a sender the access policy was meant to exclude, unauthorized content reaches the agent's context, which can disrupt normal application behavior.
Reproduction
To reproduce, enable reaction notifications, then send a reaction-only event from a sender that is not authorized for direct message delivery. In affected versions the event is queued before the access check runs, so the reaction status line reaches the session even though the sender fails authorization.
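The ordering flaw described above, as an added illustration that is not OpenClaw's code: a hypothetical inbound handler in which the reaction-only branch enqueues its status line and returns before the DM/group access check, shown beside the corrected ordering where every path authorizes the sender first. The envelope shape, the allowlist-based policy, the session key format and the sample sender identifiers are all assumptions made for the example.

```typescript
// Hypothetical model of the reaction-only path described in the advisory.
// Not OpenClaw's code: types, policy shape, session keys and sample data are
// assumptions chosen to make the order of enqueue vs. access check explicit.

type Reaction = { emoji: string; targetTimestamp: number };

type Envelope = {
  sender: string;      // Signal sender identifier (assumed shape)
  groupId?: string;    // present for group events, absent for DMs
  text?: string;       // message body; absent for reaction-only events
  reaction?: Reaction; // present when the event carries a reaction
};

type AccessPolicy = {
  dmAllowlist: Set<string>;                 // senders allowed to DM the agent
  groupAllowlist: Map<string, Set<string>>; // groupId -> senders allowed there
};

type StatusLine = { session: string; line: string };

// One session per DM peer, one per group (assumed key format).
function sessionKey(env: Envelope): string {
  return env.groupId !== undefined ? `group:${env.groupId}` : `dm:${env.sender}`;
}

// The DM/group access check that every inbound event must pass.
function isAuthorized(env: Envelope, policy: AccessPolicy): boolean {
  if (env.groupId !== undefined) {
    const allowed = policy.groupAllowlist.get(env.groupId);
    return allowed !== undefined && allowed.has(env.sender);
  }
  return policy.dmAllowlist.has(env.sender);
}

function isReactionOnly(env: Envelope): boolean {
  return env.reaction !== undefined && env.text === undefined;
}

function reactionLine(sender: string, r: Reaction): string {
  return `[reaction] ${sender} reacted ${r.emoji} to message ${r.targetTimestamp}`;
}

type Handler = (env: Envelope, policy: AccessPolicy, queue: StatusLine[], reactionNotifications: boolean) => void;

// Vulnerable ordering: the reaction-only branch enqueues its status line and
// returns early, so it never reaches the access check that guards the rest.
const handleVulnerable: Handler = (env, policy, queue, reactionNotifications) => {
  if (reactionNotifications && isReactionOnly(env) && env.reaction !== undefined) {
    queue.push({ session: sessionKey(env), line: reactionLine(env.sender, env.reaction) });
    return; // isAuthorized() is never consulted on this path
  }
  if (!isAuthorized(env, policy)) return;
  if (env.text !== undefined) queue.push({ session: sessionKey(env), line: env.text });
};

// Fixed ordering: authorize the sender for the target session first, then
// branch on event type. The reaction-only path has no pre-check exit.
const handleFixed: Handler = (env, policy, queue, reactionNotifications) => {
  if (!isAuthorized(env, policy)) return;
  if (isReactionOnly(env) && env.reaction !== undefined) {
    if (reactionNotifications) {
      queue.push({ session: sessionKey(env), line: reactionLine(env.sender, env.reaction) });
    }
    return;
  }
  if (env.text !== undefined) queue.push({ session: sessionKey(env), line: env.text });
};

// Runs one envelope through a handler on a fresh queue and returns what was queued.
function queuedLines(handler: Handler, env: Envelope, policy: AccessPolicy, reactionNotifications = true): StatusLine[] {
  const queue: StatusLine[] = [];
  handler(env, policy, queue, reactionNotifications);
  return queue;
}

// Constructed policy and events; the numbers are placeholders, not real accounts.
const policy: AccessPolicy = {
  dmAllowlist: new Set(["+15550000001"]),
  groupAllowlist: new Map([["group-A", new Set(["+15550000001"])]]),
};
const reaction: Reaction = { emoji: "👍", targetTimestamp: 1700000000000 };
const unauthorizedDmReaction: Envelope = { sender: "+15550009999", reaction };
const authorizedDmReaction: Envelope = { sender: "+15550000001", reaction };
const unauthorizedGroupReaction: Envelope = { sender: "+15550009999", groupId: "group-A", reaction };

// Vulnerable handler leaks the unauthorized reaction line; fixed handler drops it.
console.log("vulnerable, unauthorized DM:", queuedLines(handleVulnerable, unauthorizedDmReaction, policy).length);
console.log("fixed, unauthorized DM:", queuedLines(handleFixed, unauthorizedDmReaction, policy).length);
console.log("fixed, authorized DM:", queuedLines(handleFixed, authorizedDmReaction, policy).length);
```

The point of the fixed handler is structural rather than a new check: the same `isAuthorized()` already existed on the message path, and the fix is to make it the first statement so no event type can bypass it. When auditing similar dispatchers, look for any early `return` or `continue` that sits above the authorization call.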
Remediation
Update to OpenClaw version 2026.2.25 or later. The reproduction above requires reaction notifications to be enabled, so on affected versions keeping them disabled avoids the reaction-only path until the upgrade is applied.
