Affected product: OpenClaw
Affected versions: < 2026.5.12
A privilege escalation vulnerability has been identified in OpenClaw versions prior to 2026.5.12. The flaw lies in the Slack plugin approval process: users who hold only exec approval permissions can bypass the intended split between approval types and resolve plugin actions outside the operator's configured approval process. The root cause is that plugin actions are gated by the exec approver check, so an exec-authorized user can approve actions that should require separate oversight.
Exploitation of this vulnerability could lead to unauthorized approval of plugin actions, bypassing the operator's intended approval process. The practical impact would depend on the specific operator configuration and the trust level of the inputs involved.
Operators are advised to keep approval allowlists aligned and manually review Slack approval actions until the patch is applied. As a general hardening measure, maintain narrow channel and tool allowlists, avoid sharing a single Gateway between untrusted users, and disable the affected feature when not needed.
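As an added illustration (not OpenClaw's own code; the class, function and user names are hypothetical), a minimal model of the flawed gate beside a per-kind gate, plus an audit helper in the spirit of the interim advice to review Slack approvals manually:

```python
# Added illustration, not OpenClaw code. Models the gate mismatch described
# in the advisory: plugin approvals resolved through the exec approver gate.
from dataclasses import dataclass


@dataclass(frozen=True)
class ApprovalConfig:
    exec_approvers: frozenset    # users allowed to approve exec actions
    plugin_approvers: frozenset  # users allowed to approve plugin actions


def can_approve_vulnerable(cfg, user, action_kind):
    """Pre-fix behaviour (hypothetical model): every approval, including
    plugin actions, is checked against the exec approver gate only."""
    return user in cfg.exec_approvers


def can_approve_fixed(cfg, user, action_kind):
    """Fixed behaviour: each action kind is resolved against its own gate;
    unknown kinds are denied so the check fails closed."""
    gates = {"exec": cfg.exec_approvers, "plugin": cfg.plugin_approvers}
    allowed = gates.get(action_kind)
    return allowed is not None and user in allowed


def audit_pending(cfg, requests):
    """Operator-side review helper: list pending (user, action_kind) pairs
    that the exec-only gate would accept but the per-kind gate would not,
    i.e. approvals that deserve a manual look until the patch is applied."""
    return [(u, k) for u, k in requests
            if can_approve_vulnerable(cfg, u, k)
            and not can_approve_fixed(cfg, u, k)]


# Constructed sample: 'bob' may approve exec actions but not plugin actions.
CFG = ApprovalConfig(exec_approvers=frozenset({"alice", "bob"}),
                     plugin_approvers=frozenset({"alice"}))
PENDING = [("bob", "plugin"), ("alice", "plugin"),
           ("bob", "exec"), ("carol", "exec")]

if __name__ == "__main__":
    for u, k in audit_pending(CFG, PENDING):
        print(f"review: {u} could resolve a {k} action via the exec gate")
```

Keeping `exec_approvers` and `plugin_approvers` aligned, as the advisory recommends, makes `audit_pending` return an empty list even against the unpatched gate.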