OpenClaw Authorization Bypass Vulnerability in Discord Voice Ingress
Vulnerability
A vulnerability allowing authorization bypass in Discord voice ingress has been identified in OpenClaw versions prior to 2026.3.31. This vulnerability allows attackers to circumvent channel and member allowlist restrictions, gaining unauthorized access to restricted voice channels. The issue arises from stale-role validation gaps and improper channel name validation, which can be exploited to bypass configured access policies.
Impact
Exploitation of this vulnerability allows for unauthorized access to restricted voice channels by bypassing channel and member allowlist restrictions.
Reproduction
The vulnerability can be reproduced by joining a voice channel that is not allowlisted, while holding a role that is still valid but should not grant access. Once in the channel, speech can be transmitted, effectively bypassing the intended access controls.
Remediation
Users can update to OpenClaw version 2026.3.31 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.