Incorrect authorization in OpenClaw - #VU135874
Published: June 30, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to perform unauthorized actions.
The vulnerability exists due to improper access control in Discord guild actions when handling cross-provider requester authorization. A remote user can invoke a lower-trust caller or configured input path to perform unauthorized actions.
Exploitation is limited to the affected feature and configuration, and practical impact depends on whether lower-trust input can reach the vulnerable path.