OpenClaw Sender Authorization Bypass in Slack System Event Handlers

Vulnerability

OpenClaw versions prior to 2026.2.26 do not enforce sender authorization in the system event handlers for member and message subtypes. Because those handlers enqueue events without checking who sent them, an attacker can bypass both the Slack direct message allowlist and the per-channel user allowlists by sending message_changed, message_deleted, or thread_broadcast events from a non-allowlisted sender.
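The sender check such handlers need, as an added TypeScript example that is not OpenClaw's own code: it resolves the acting user for each subtype named above from Slack's Events API payload shapes and refuses to enqueue unless every actor is on the DM allowlist or the channel's user allowlist. The Allowlists shape and the fail-closed default for a channel with no allowlist are assumptions.

```typescript
// Added example, not OpenClaw's code. Payload fields follow Slack's Events API.
type SlackMessageEvent = {
  type: "message";
  subtype?: string;
  channel: string;
  channel_type?: "im" | "mpim" | "group" | "channel";
  user?: string;
  message?: { user?: string; edited?: { user?: string } };
  previous_message?: { user?: string };
};

type Allowlists = {
  dmUsers: Set<string>;                   // users allowed to DM the bot (assumed shape)
  channelUsers: Map<string, Set<string>>; // channel id -> users allowed there (assumed shape)
};

/** Every user ID the event acts on behalf of. Empty means the sender is unknown. */
export function actingUsers(ev: SlackMessageEvent): string[] {
  const ids: (string | undefined)[] = [];
  switch (ev.subtype) {
    case "message_changed":
      // Edits carry the author under message.user and, when Slack records it,
      // the editor under message.edited.user; both must be authorized.
      ids.push(ev.message?.user, ev.message?.edited?.user);
      break;
    case "message_deleted":
      ids.push(ev.previous_message?.user);
      break;
    default:
      // thread_broadcast and plain messages carry the sender at top level.
      ids.push(ev.user);
  }
  const found = ids.filter((u): u is string => typeof u === "string");
  return Array.from(new Set(found));
}

/** Fail closed: an unknown sender or any unauthorized actor rejects the event. */
export function isAuthorized(ev: SlackMessageEvent, lists: Allowlists): boolean {
  const actors = actingUsers(ev);
  if (actors.length === 0) return false;
  const allowed = ev.channel_type === "im"
    ? lists.dmUsers
    : lists.channelUsers.get(ev.channel) ?? new Set<string>();
  return actors.every((u) => allowed.has(u));
}
```

Call isAuthorized before the enqueue step for every message event regardless of subtype; a handler that only gates the plain-message path is exactly the gap the advisory describes.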

Impact

Exploitation of this vulnerability allows unauthorized Slack system events to be processed, potentially leading to incorrect application behavior or unauthorized actions being taken on behalf of a user.

Reproduction

The vulnerability can be reproduced by sending Slack system events related to message changes, deletions, or thread broadcasts from users not on the allowlist. This can be done through the Slack API or by using a bot that sends these types of events from non-allowlisted users.

Remediation

Users can update to OpenClaw version 2026.2.26 or later, where this vulnerability has been patched.

Added: Mar 21, 2026, 1:23 AM
Updated: Mar 21, 2026, 1:23 AM

Vulnerability Rating (Custom Algorithm)

spread:         0.0
impact:         0.6
exploitability: 7.7
remediation:    0.0
relevance:      4.2
threat:         4.8
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.