
Discord Voice Chat Access Can Be Bypassed in OpenClaw

GHSA-x2m8-53h4-6hch
Summary

A security issue in OpenClaw's Discord integration allows anyone to join voice chats in certain channels, even if they shouldn't be able to. This is because the system doesn't properly check if a user has the right permissions. You should update to the latest version of OpenClaw, which has a fix for this issue, to prevent this from happening. If you're using a version before 2026.3.31, you're affected and should update as soon as possible.

What to do
  • Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| | openclaw | <= 2026.3.28 | 2026.3.31 |
Original title
OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps
Original description
## Summary
Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

## Current Maintainer Triage
- Status: narrow
- Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical auth break and mainline fix is unreleased.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
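
The version ranges above can be checked against a project's `package-lock.json`. The following is an added example, not code from OpenClaw or from this advisory; the function names and the sample lockfile are constructed for illustration, and it assumes plain `YYYY.M.D` version strings (any pre-release suffix is ignored).

```javascript
// Added example: classify openclaw entries in a package-lock.json against the advisory's ranges.
const LAST_VULNERABLE = [2026, 3, 28]; // "<=2026.3.28" per the advisory
const FIRST_PATCHED = [2026, 3, 31];   // ">= 2026.3.31" per the advisory

// Parse "YYYY.M.D"; a pre-release/build suffix is ignored (assumption of this sketch).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function classify(version) {
  const parsed = parseVersion(version);
  if (!parsed) return "unparseable";
  if (compare(parsed, LAST_VULNERABLE) <= 0) return "vulnerable";
  if (compare(parsed, FIRST_PATCHED) >= 0) return "patched";
  return "unlisted"; // falls between the two stated ranges: the advisory does not say
}

// Walk lockfileVersion 2/3 (flat "packages" map) or 1 (nested "dependencies" tree),
// so that transitive and nested copies of openclaw are reported too.
function findOpenclaw(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/openclaw" || path.endsWith("/node_modules/openclaw")) {
      hits.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}${name}`;
      if (name === "openclaw") hits.push({ path, version: meta.version, status: classify(meta.version) });
      walk(meta.dependencies, `${path} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/openclaw": { version: "2026.3.28" },
  "node_modules/helper/node_modules/openclaw": { version: "2026.3.31" },
} };
console.log(findOpenclaw(sampleLock));
```

To check a real project, pass the parsed contents of its lockfile to `findOpenclaw` and treat any `vulnerable` or `unlisted` hit as needing an upgrade to 2026.3.31.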

## Fix Commit(s)
- `dba96e7507e0900f120e5e28e57755d69bf78759` — 2026-03-31T21:29:13+09:00

OpenClaw thanks @cyjhhh for reporting.
CVSS 4.0 score (GHSA): 2.3
Vulnerability type
CWE-862 Missing Authorization
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026