OpenClaw Sender Allowlist Bypass Vulnerability via Slack Thread Context
Vulnerability
A vulnerability in OpenClaw versions prior to 2026.4.2 allows a sender allowlist bypass through Slack thread context. The application does not filter thread messages by the sender allowlist before injecting them into the agent context, so a reply from an allowlisted user pulls the earlier messages of that thread, including those from non-allowlisted senders, into the context. This circumvents sender access controls and can manipulate the model context.
Impact
Exploitation of this vulnerability could lead to unauthorized thread messages being injected into the agent context, bypassing sender allowlist controls and manipulating the model's response context.
Reproduction
To reproduce this vulnerability, have an allowlisted user reply in a Slack thread that contains messages from non-allowlisted senders. Those thread messages bypass the sender allowlist filter and appear in the agent context.
Remediation
Users can update to OpenClaw version 2026.4.2 or later, where this vulnerability has been patched.
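The following is an added illustration, not OpenClaw's own code, of the flaw described above and of the fix: the pre-patch behaviour checks only the triggering reply against the allowlist and injects the whole thread, while the corrected version applies the same sender check to every thread message. The message structure, function names and user ids are assumptions; the sample thread is constructed.

```python
# Added example (not OpenClaw's code). Models the Slack thread-context
# allowlist bypass: the trigger reply is allowlisted, the thread is not filtered.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class SlackMessage:
    user: str        # Slack user id of the sender (assumed field name)
    text: str
    thread_ts: str   # id of the thread the message belongs to

# Constructed sample thread: a non-allowlisted user posted first,
# then an allowlisted user replied in the same thread.
THREAD: List[SlackMessage] = [
    SlackMessage("U_OUTSIDER", "text from a non-allowlisted sender", "1700000000.000100"),
    SlackMessage("U_ALLOWED", "can you summarise this thread?", "1700000000.000100"),
]
ALLOWLIST: FrozenSet[str] = frozenset({"U_ALLOWED"})

def is_allowed(msg: SlackMessage, allowlist: FrozenSet[str]) -> bool:
    return msg.user in allowlist

def build_context_vulnerable(trigger: SlackMessage, thread: List[SlackMessage],
                             allowlist: FrozenSet[str]) -> Optional[List[str]]:
    # Pre-2026.4.2 behaviour as described: only the reply that triggered the
    # agent is checked; every message in the thread is then injected unfiltered.
    if not is_allowed(trigger, allowlist):
        return None
    return [m.text for m in thread]

def partition_thread(thread: List[SlackMessage],
                     allowlist: FrozenSet[str]) -> Tuple[List[SlackMessage], List[SlackMessage]]:
    # Split a thread into messages that may enter the context and those dropped,
    # so the dropped ones can be logged for monitoring.
    kept = [m for m in thread if is_allowed(m, allowlist)]
    dropped = [m for m in thread if not is_allowed(m, allowlist)]
    return kept, dropped

def build_context_fixed(trigger: SlackMessage, thread: List[SlackMessage],
                        allowlist: FrozenSet[str]) -> Optional[List[str]]:
    # Corrected behaviour: the sender allowlist is applied to each thread
    # message before injection, not only to the triggering reply.
    if not is_allowed(trigger, allowlist):
        return None
    kept, dropped = partition_thread(thread, allowlist)
    for m in dropped:
        print(f"dropped thread message from non-allowlisted sender {m.user}")
    return [m.text for m in kept]
```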