7.3
Discord Integration in OpenClaw Misclassifies Group Messages as Direct Messages
GHSA-6336-qqw9-v6x6
Summary
A bug in OpenClaw's Discord integration causes component interactions in a Group DM to be classified as direct messages, so the wrong policy or session can be applied to them. This issue affects versions of OpenClaw up to 2026.3.28 and is fixed in version 2026.3.31. To stay secure, update to the latest version of OpenClaw.
What to do
- Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.31 | 2026.3.31 |
Original title
OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
Original description
## Summary
Discord Component Interaction Misclassifies Group DM as Direct Message
## Current Maintainer Triage
- Status: narrow
- Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in `extensions/discord/src/monitor/agent-components-helpers.ts`, but impact is limited to Group DM policy or session misclassification.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `8c83128fc38d5a3642b8ccbea58550755fdbbbaf` — 2026-03-30T11:17:53-06:00
OpenClaw thanks @nexrin for reporting.
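
The class of bug described above, sketched as an added example (not OpenClaw's code and not the contents of the fix commit). It assumes a handler that treats any interaction without a guild as a one-to-one DM; the `Interaction` and `Policy` shapes, the allowlist names and the session keys are hypothetical, while the channel type values 1 (DM) and 3 (GROUP_DM) are Discord's.

```typescript
// Discord API channel types: 1 = DM, 3 = GROUP_DM.
const DM = 1;
const GROUP_DM = 3;
type Kind = "direct" | "group" | "guild" | "unknown";

// Constructed minimal shapes for this sketch (hypothetical names).
interface Interaction { guildId?: string; channelId: string; channelType: number; userId: string; }
interface Policy { dmAllowFrom: string[]; groupDmEnabled: boolean; guildAllowlist: string[]; }

// Flawed pattern (assumed for illustration): "no guild" is read as "one-to-one DM".
function classifyNaive(i: Interaction): Kind {
  return i.guildId ? "guild" : "direct";
}

// Explicit pattern: decide from the channel type; unrecognised types fail closed.
function classifyStrict(i: Interaction): Kind {
  if (i.channelType === DM) return "direct";
  if (i.channelType === GROUP_DM) return "group";
  return i.guildId ? "guild" : "unknown";
}

// Both the authorization decision and the session key hang off the classification,
// so one wrong label produces both a policy and a session misclassification.
function route(kind: Kind, i: Interaction, p: Policy): { allowed: boolean; session: string } {
  switch (kind) {
    case "direct":
      return { allowed: p.dmAllowFrom.indexOf(i.userId) !== -1, session: `dm:${i.userId}` };
    case "group":
      return { allowed: p.groupDmEnabled, session: `group:${i.channelId}` };
    case "guild":
      return {
        allowed: p.guildAllowlist.indexOf(i.guildId ?? "") !== -1,
        session: `guild:${i.guildId}:${i.channelId}`,
      };
    default:
      return { allowed: false, session: "none" };
  }
}

// Constructed sample: a component interaction inside a Group DM, sent by a user
// who is on the DM allowlist, while Group DMs are disabled by policy.
const sample: Interaction = { channelId: "c-100", channelType: GROUP_DM, userId: "u-1" };
const policy: Policy = { dmAllowFrom: ["u-1"], groupDmEnabled: false, guildAllowlist: [] };

const naive = route(classifyNaive(sample), sample, policy);   // DM policy, DM session
const strict = route(classifyStrict(sample), sample, policy); // Group DM policy, group session
console.log({ naive, strict });
```

With the naive classifier the Group DM interaction is authorized under the DM allowlist and keyed to the user's DM session; with the explicit classifier it is evaluated under the Group DM policy and rejected.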
CVSS 4.0 (OSV): 7.3
Vulnerability type: CWE-863 (Incorrect Authorization)
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026