CVSS 4.0 score: 5.3

Discord Voice Manager on OpenClaw Allows Unapproved Access

GHSA-cqgw-44wg-44rf
Summary

A security issue in OpenClaw's Discord voice manager allows unauthorized users to join voice channels even if they're not on an approved access list. This could let unwanted users listen in on sensitive conversations. To fix this, update OpenClaw to version 2026.3.31 or later.

What to do
  • Update openclaw to version 2026.3.31.
Affected software

| Vendor | Product | Affected versions | Fix available |
| --- | --- | --- | --- |
| | openclaw | <= 2026.3.28 | 2026.3.31 |

Original title
OpenClaw: Discord voice manager bypasses channel-level member access allowlist
Original description
## Summary
Discord voice manager bypasses channel-level member access allowlist

## Current Maintainer Triage
- Normalized severity: medium
- Assessment: v2026.3.28 still accepts Discord voice ingress before channel allowlist authorization, and main-only gating means this remains a real shipped access-control bug.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`

## Fix Commit(s)
- `dba96e7507e0900f120e5e28e57755d69bf78759` — 2026-03-31T21:29:13+09:00

OpenClaw thanks @zsxsoft for reporting.
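
To check whether a project pins an affected release, the following added example (not part of the advisory and not OpenClaw code) classifies every `openclaw` entry in an npm lockfile against the ranges above. The function names and the sample lockfile are constructed for illustration; versions that fall between the two stated ranges are reported as `unlisted` because the advisory does not classify them.

```javascript
// Added example: audit an npm lockfile against this advisory's ranges
// (vulnerable <= 2026.3.28, patched >= 2026.3.31). Names are hypothetical.
const VULNERABLE_MAX = [2026, 3, 28];
const PATCHED_MIN = [2026, 3, 31];

// Split "2026.3.28" or "2026.3.31-beta.1" into numeric core + pre-release flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(v));
  return m ? { core: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function classify(version) {
  const p = parseVersion(version);
  if (!p) return "unparseable"; // e.g. workspace links without a version
  if (compare(p.core, VULNERABLE_MAX) <= 0) return "vulnerable";
  // A pre-release of 2026.3.31 sorts before it in semver, so it is not ">= 2026.3.31".
  const c = compare(p.core, PATCHED_MIN);
  if (c > 0 || (c === 0 && !p.pre)) return "patched";
  return "unlisted"; // between the two ranges; the advisory does not say
}

// Handles lockfileVersion 2/3 ("packages" map) and 1 (nested "dependencies").
function auditLockfile(lock) {
  const findings = [];
  const add = (path, meta) =>
    findings.push({ path, version: meta.version, status: classify(meta.version) });
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/openclaw" || path.endsWith("/node_modules/openclaw")) add(path, meta);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "openclaw") add(path, meta);
      walk(meta.dependencies, `${path}/`); // transitive copies can pin older releases
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return findings;
}

// Constructed sample lockfile (not taken from the advisory).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-bot" },
  "node_modules/openclaw": { version: "2026.3.28" },
  "node_modules/some-plugin/node_modules/openclaw": { version: "2026.3.31" } } };
console.log(auditLockfile(sampleLock));
```
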
GHSA CVSS 4.0 score: 5.3
Vulnerability type
CWE-863 Incorrect Authorization
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026