Main Vulnerability Database Vulnerabilities #VU132772

Improper access control in OpenClaw - #VU132772

Published: May 29, 2026

Vulnerability identifier: #VU132772

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: OpenClaw

Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to invoke slash command behavior after token revocation.

The vulnerability exists due to improper access control in the Mattermost slash token validation logic when processing requests during the monitor refresh window. A remote user can continue using an old Mattermost slash token to invoke slash command behavior after token revocation.

Only instances with the affected feature enabled and reachable are vulnerable.

Remediation

Install security update from vendor's website.

Sources

https://github.com/openclaw/openclaw/security/advisories/GHSA-4m3v-q747-pc6h

Improper access control in OpenClaw - #VU132772

Detailed vulnerability description

Remediation

Sources

Please verify you're human