Discord Chat Vulnerability in OpenClaw: Group DMs Misclassified
GHSA-6336-qqw9-v6x6
Summary
A bug in OpenClaw's Discord integration can misclassify a component interaction that comes from a Group DM as a direct message. The impact is limited to Group DM policy or session misclassification, which could lead to unintended access or confusion. Update to version 2026.3.31 or later to fix this issue.
What to do
- Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.28 | 2026.3.31 |
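To check a project against the version ranges above, the following added example (not part of the advisory or the OpenClaw project) scans an npm lockfile for every installed copy of `openclaw`, including nested ones. It assumes a `package-lock.json` with `lockfileVersion` 2 or 3; the sample lockfile and the `needs-review` status for versions the advisory does not list (for example 2026.3.29, 2026.3.30, or a prerelease of the fixed version) are constructed for illustration.

```javascript
// Added example: not OpenClaw project code. Version bounds are the advisory's.
const VULNERABLE_MAX = [2026, 3, 28]; // affected: <= 2026.3.28
const PATCHED_MIN = [2026, 3, 31];    // fixed:    >= 2026.3.31

// Split "2026.3.28" or "2026.3.31-beta.1" into numeric core + prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  return m ? { core: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// "vulnerable" and "patched" follow the advisory; anything the advisory
// does not cover (gap versions, unparsable strings) is flagged for a human.
function classify(version) {
  const p = parseVersion(version);
  if (!p) return "needs-review";
  if (compare(p.core, VULNERABLE_MAX) <= 0) return "vulnerable";
  const c = compare(p.core, PATCHED_MIN);
  if (c > 0 || (c === 0 && !p.pre)) return "patched";
  return "needs-review";
}

// lockfileVersion 2/3 keys every installed copy by its node_modules path,
// so nested (transitive) copies are found as well as the top-level one.
function findOpenclaw(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/openclaw" || path.endsWith("/node_modules/openclaw")) {
      hits.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile (package names other than openclaw are made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app", version: "1.0.0" },
    "node_modules/openclaw": { version: "2026.3.31" },
    "node_modules/some-bot/node_modules/openclaw": { version: "2026.3.24" },
    "node_modules/openclaw-helper": { version: "2026.3.24" },
  },
};
console.log(findOpenclaw(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findOpenclaw` and fail the build when any hit is not `patched`.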
Original title
OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
Original description
## Summary
Discord Component Interaction Misclassifies Group DM as Direct Message
## Current Maintainer Triage
- Status: narrow
- Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in `extensions/discord/src/monitor/agent-components-helpers.ts`, but impact is limited to Group DM policy or session misclassification.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `8c83128fc38d5a3642b8ccbea58550755fdbbbaf` — 2026-03-30T11:17:53-06:00
OpenClaw thanks @nexrin for reporting.
ghsa CVSS4.0
5.3
Vulnerability type
CWE-863
Incorrect Authorization
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026