Missing Authorization in OpenClaw - CVE-2026-27484

Published: May 1, 2026


Vulnerability identifier: #VU128850
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-27484
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to perform unauthorized moderation actions.

The vulnerability exists due to missing authorization in Discord moderation action handling when processing tool-driven moderation requests. A remote user can spoof sender identity fields to perform unauthorized moderation actions.

Exploitation requires moderation actions to be enabled and the bot to have the necessary guild permissions.
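The pattern behind CWE-862 here is a handler that decides on a moderation action using identity fields carried inside the tool-driven request itself, rather than the identity the bot learned from the authenticated Discord interaction. The following added example (not OpenClaw's code; every type, field and permission name is hypothetical) contrasts the two approaches and folds in the two preconditions the advisory names: moderation actions being enabled, and the bot holding the relevant guild permission. It generalizes to any action-to-permission mapping, not just the three shown.

```typescript
// Added example, not OpenClaw's code. All names are hypothetical.

type ModerationAction = "timeout" | "kick" | "ban";

// Identity established by the authenticated Discord interaction, i.e. who
// really triggered this tool call. This is the only trustworthy source.
interface InvokerContext {
  userId: string;
  guildId: string;
  permissions: Set<string>; // e.g. "MODERATE_MEMBERS", "KICK_MEMBERS", "BAN_MEMBERS"
}

// Payload handed over by the tool layer. Everything in it, including
// `requestedBy`, can be shaped by the remote user who drove the tool call.
interface ModerationRequest {
  action: ModerationAction;
  targetUserId: string;
  guildId: string;
  requestedBy?: { userId: string; isModerator?: boolean };
}

// Hypothetical action-to-permission mapping.
const REQUIRED_PERMISSION: Record<ModerationAction, string> = {
  timeout: "MODERATE_MEMBERS",
  kick: "KICK_MEMBERS",
  ban: "BAN_MEMBERS",
};

interface Decision {
  allowed: boolean;
  reason: string;
}

// Vulnerable pattern (CWE-862): the decision rests on the request's own
// claim about who sent it, so a spoofed `requestedBy` passes.
function authorizeVulnerable(req: ModerationRequest): boolean {
  return req.requestedBy?.isModerator === true;
}

// Hardened pattern: request-supplied identity is never used for the decision.
// A mismatch between it and the authenticated invoker is treated as a
// spoofing signal and denied outright (and is worth logging as such).
function authorizeHardened(
  req: ModerationRequest,
  invoker: InvokerContext,
  botPermissions: Set<string>,
  moderationEnabled: boolean,
): Decision {
  if (!moderationEnabled) {
    return { allowed: false, reason: "moderation actions are disabled" };
  }
  if (req.guildId !== invoker.guildId) {
    return { allowed: false, reason: "request guild does not match invoker guild" };
  }
  if (req.requestedBy !== undefined && req.requestedBy.userId !== invoker.userId) {
    return { allowed: false, reason: "sender identity field does not match authenticated invoker" };
  }
  const needed = REQUIRED_PERMISSION[req.action];
  if (!invoker.permissions.has(needed)) {
    return { allowed: false, reason: `invoker lacks ${needed}` };
  }
  if (!botPermissions.has(needed)) {
    return { allowed: false, reason: `bot lacks ${needed} in this guild` };
  }
  return { allowed: true, reason: "authorized" };
}
```

The key design choice is that `authorizeHardened` reads `req.requestedBy` only to detect a contradiction with the authenticated context; it never grants anything based on it. Checking the bot's own permissions last keeps the error message from revealing the bot's capabilities to a caller who was not authorized in the first place.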


How to mitigate CVE-2026-27484

Install the security update from the vendor's website.

Sources