OpenClaw Authorization Bypass Vulnerability in Discord Guild Reaction Ingestion
Vulnerability
A vulnerability allowing authorization bypass has been identified in OpenClaw versions prior to 2026.3.11. This issue arises in the Discord guild reaction ingestion process, where the application fails to properly enforce allowlist checks for member users and roles. As a result, non-allowlisted guild members can trigger reaction events that are treated as trusted system events, injecting reaction text into the session context downstream.
Impact
Exploitation of this vulnerability allows non-allowlisted guild members to bypass authorization checks, injecting unauthorized reaction text into session contexts as trusted system events.
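The check the advisory says was missing, modelled as an added example rather than OpenClaw's own code: the pre-fix path ingests any guild member's reaction as a trusted system event, while the hardened path consults the guild allowlist (user IDs and role IDs) first. The event and allowlist types, the deny-by-default treatment of an empty allowlist, and the bot-user exclusion are assumptions made here, not details from the advisory.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List

# Constructed model of a Discord guild reaction event (hypothetical, not OpenClaw's types).
@dataclass(frozen=True)
class ReactionEvent:
    guild_id: str
    user_id: str
    role_ids: frozenset          # roles held by the reacting member
    emoji: str                   # reaction text that would land in the session context
    is_bot: bool = False

# Constructed per-guild allowlist of member user IDs and role IDs (assumption).
@dataclass(frozen=True)
class GuildAllowlist:
    user_ids: frozenset = frozenset()
    role_ids: frozenset = frozenset()

def _system_event(event: ReactionEvent) -> Dict[str, str]:
    # The downstream representation: reaction text carried as a trusted system event.
    return {"role": "system", "text": f"reaction {event.emoji} from {event.user_id}"}

def ingest_reaction_unchecked(event: ReactionEvent, session: List[dict]) -> bool:
    """Pre-fix behaviour described in the advisory: every guild member's reaction
    is appended to the session as a trusted system event, with no allowlist check."""
    session.append(_system_event(event))
    return True

def is_allowlisted(event: ReactionEvent, allowlist: GuildAllowlist) -> bool:
    """A member passes if their user ID or any held role is allowlisted.
    Bot accounts never pass, and an empty allowlist admits nobody (both assumptions)."""
    if event.is_bot:
        return False
    if event.user_id in allowlist.user_ids:
        return True
    return not allowlist.role_ids.isdisjoint(event.role_ids)

def ingest_reaction_checked(event: ReactionEvent, allowlist: GuildAllowlist,
                            session: List[dict]) -> bool:
    """Hardened path: the reaction only becomes a trusted system event when the
    reacting member is allowlisted; otherwise it is dropped and False is returned."""
    if not is_allowlisted(event, allowlist):
        return False
    session.append(_system_event(event))
    return True
```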
Remediation
Users are advised to upgrade to OpenClaw version 2026.3.11 or later.
