Incorrect authorization in OpenClaw - #VU132712
Published: May 29, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to bypass intended approval restrictions.
The vulnerability exists due to improper access control in the Slack plugin approval gate when handling plugin approval actions. A remote user can resolve a plugin approval through the exec approver gate and thereby bypass the intended approval restrictions.
Exploitation requires the affected feature to be enabled and reachable.