Improper Authorization in OpenClaw - #VU132711

 


Published: May 29, 2026


Vulnerability identifier: #VU132711
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to trigger unintended agent processing.

The vulnerability exists due to improper authorization in the handling of Slack reaction events delivered to the configured app. A remote user can send a reaction event to the app, or cause one to be delivered to it, and thereby trigger unintended agent processing.

Only deployments with the affected feature enabled and reachable are vulnerable.
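
This class of flaw (CWE-285 on an event path that can start agent work) can be closed by routing every event type through one deny-by-default authorization check. The sketch below is an added illustration, not OpenClaw code and not the vendor's fix. The policy shape, function names and IDs are assumptions; the event field names follow the Slack Events API.

```javascript
// Added illustration, not OpenClaw code. Policy shape, names and IDs are assumptions.
const samplePolicy = {
  allowedUsers: new Set(["U_ALICE"]),   // constructed Slack user ID
  allowedChannels: new Set(["C_OPS"]),  // constructed Slack channel ID
};

// One deny-by-default decision shared by every event type that can start agent work.
function authorize(actor, channel, policy) {
  if (typeof actor !== "string" || typeof channel !== "string") {
    return { allowed: false, reason: "missing actor or channel" };
  }
  if (!policy.allowedChannels.has(channel)) {
    return { allowed: false, reason: "channel not allowed" };
  }
  if (!policy.allowedUsers.has(actor)) {
    return { allowed: false, reason: "user not allowed" };
  }
  return { allowed: true, reason: "ok" };
}

// Reaction events carry the channel under event.item, not event.channel, so a
// check written only for messages does not cover them.
function subjectOf(event) {
  switch (event && event.type) {
    case "message":
      return { actor: event.user, channel: event.channel };
    case "reaction_added":
    case "reaction_removed":
      // event.user is the reactor; event.item_user is only the message author.
      return { actor: event.user, channel: event.item && event.item.channel };
    default:
      return null; // unknown event types never reach the agent
  }
}

// Gate in front of the agent: nothing is dispatched without an explicit allow.
function handleEvent(event, policy, runAgent) {
  const subject = subjectOf(event);
  if (!subject) return { dispatched: false, reason: "unsupported event type" };
  const decision = authorize(subject.actor, subject.channel, policy);
  if (!decision.allowed) return { dispatched: false, reason: decision.reason };
  runAgent(event);
  return { dispatched: true, reason: "ok" };
}
```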


Remediation

Install the security update from the vendor's website.
